As expected, Microsoft today released its regular monthly batch of security bulletins and associated patches. This month there are nine bulletins, addressing twelve identified vulnerabilities. Two bulletins have a Critical severity rating, and the remaining seven are rated Important. Six of the bulletins are for Windows and its components; every supported version of Windows is affected; all desktop versions have one or more Critical vulnerabilities. Microsoft says that five of the Windows bulletins will definitely require a system reboot, and the sixth may require one, depending on the configuration of your system.
The remaining three bulletins, all of which are rated Important, apply to other Microsoft software products. There will be two bulletins that affect SharePoint Server. Groove, SharePoint Foundation, Office Web Apps, and Windows Defender for Windows 8 and RT are affected by one bulletin each. One bulletin (MS13-035) also applies to InfoPath; it does not have a severity rating, because the known attack method is already blocked. The patch for Windows Defender will require a system reboot, and the others may require one.
For more detailed information, and download links, please see the Microsoft Security Bulletin Summary for April 2013.
As usual, I recommend applying these patches to your systems as soon as you conveniently can.
The handlers at the SANS Internet Storm Center have posted their usual summary and evaluation of this month’s patches.