• Chart: Apr. 2005 Software Update Summary

The Apr. 2005 "Patch Tuesday" saw the release of eight updates for a number of critical and important vulnerabilities in Exchange Server, Windows, Word, and MSN Messenger. Most customers need to install the patches (released Apr. 12) as soon as possible to avoid exploits that will appear now that the vulnerabilities are public. Customers who have installed the recently released Windows Server 2003 SP1 are already updated for the Windows vulnerabilities. However, due to the number of new features in Windows Server 2003 SP1, few administrators have likely finished their testing and deployment of the service pack.

Organizations will want to pay particular attention to the updates for TCP/IP (MS05-019), Internet Explorer (MS05-020), Exchange (MS05-21), and Word (MS05-23), as these components and products are widely used and the vulnerabilities are critical because an exploit could allow an attacker to gain complete control of the unpatched system. (For a summary of all the critical and important patches, see the chart "Apr. 2005 Update Summary".)

Microsoft also released important updates to Microsoft Windows Installer 3.1, BITS 2.0, and WinHTTP 5.1. Microsoft released these nonsecurity updates along with the security updates so that administrators could deploy them together, if warranted.

Microsoft also released a new version of its malicious software removal tool, which detects and removes some known exploits. The company plans to release new versions of this tool up to once a month, as needed.

Microsoft's summary of the April bulletins is at www.microsoft.com/technet/security/bulletin/ms05-apr.mspx.

The malicious software removal tool can be downloaded from www.microsoft.com/security/malwareremove/.