Eight Updates Released in April

The Apr. 2005 “Patch Tuesday” saw the release of eight updates for a number of critical and important vulnerabilities in Exchange Server, Windows, Word, and MSN Messenger. Most customers need to install the patches (released Apr. 12) as soon as possible to avoid exploits that will appear now that the vulnerabilities are public. Customers who have installed the recently released Windows Server 2003 SP1 are already updated for the Windows vulnerabilities. However, due to the number of new features in Windows Server 2003 SP1, few administrators have likely finished their testing and deployment of the service pack.

Organizations will want to pay particular attention to the updates for TCP/IP (MS05-019), Internet Explorer (MS05-020), Exchange (MS05-21), and Word (MS05-23), as these components and products are widely used and the vulnerabilities are critical because an exploit could allow an attacker to gain complete control of the unpatched system. (For a summary of all the critical and important patches, see the chart “Apr. 2005 Update Summary“.)