Beyond .ANI: More Critical Patches for Microsoft

Microsoft isn’t finished with its security fixes for the month. Next week the software maker plans to release five more sets of patches fixing critical flaws in Windows and the Microsoft Content Management Server.

The April 10 patches will come as part of Microsoft’s regular monthly patch release process. The company’s security team had been planning to release a sixth security update next week, MS07-017, but it was forced to rush that one out on Tuesday after online criminals began attacking Windows machines, exploiting one of the flaws addressed in the patch.

That flaw lies in the way Windows processes .ani files, which are used to create cartoon-like animated cursors. Though the flaw affects Windows, it can be exploited through a number of widely used applications including Internet Explorer, Mozilla, Outlook and Outlook Express, security experts say. Criminals were taking advantage of this flaw to install malicious software on victims’ machines.

Four of next week’s updates will fix flaws in Windows, Microsoft said in a note published on its website Thursday. The most serious of these flaws is rated “critical,” Microsoft’s most severe rating. The Content Management Server update is also considered critical, Microsoft said.

Non-security updates will also be released on Microsoft’s various automatic update services and, as usual, the company will refresh its Malicious Software Removal Tool.

All of this activity comes after a quiet month of March.

Microsoft held off on publishing any security updates last month, a move that has generated some criticism because the company was first warned of the .ani flaw in late December.

-Robert McMillan, IDG News Service