[ISN] Microsoft Fixes Two Zero-Day Flaws

From: InfoSec News <alerts_at_private>
Date: Wed, 14 Apr 2010 00:25:49 -0500 (CDT)

By Thomas Claburn
April 13, 2010

Microsoft on Tuesday issued its April security patch, which includes 11 
bulletins addressing 25 vulnerabilities.

Five of the bulletins are rated "critical," five are rated "important," 
and one is rated "moderate."

According to Wolfgang Kandek, CTO of Qualys, two of the bulletins -- 
MS10-020, an SMBv2 denial of service flaw, and MS10-022, a VBScript flaw 
-- close zero-day vulnerabilities.

Two weeks ago, Microsoft issued an emergency, or out-of-band, patch to 
address a different zero-day flaw in Internet Explorer.

Had Microsoft not done so, April's patch would have been one of the 
largest ever, with 12 bulletins and 35 vulnerabilities.


Register now for HITBSecConf2010 - Dubai, the premier 
deep-knowledge network security event in the GCC, 
featuring keynote speakers John Viega and Matt Watchinski! 
Received on Tue Apr 13 2010 - 22:25:49 PDT

This archive was generated by hypermail 2.2.0 : Tue Apr 13 2010 - 22:33:18 PDT