Five of the issued patched are aimed at critical vulnerabilities found in Excel, Wordpad and office converters, HTTP services, Internet Explorer and DirectX. Only the latter is tagged with “No publicly known exploits”, while the others have the exploit code publicly available and are actively exploited.
The April pack includes two important-rated patches as well. One was developed for vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway and seeks to prevent attacks that would result in Denial of Service.
The other patch addresses the Windows OS and plugs a flaw that would allow elevation of privilege. The last fix of the pack is rated moderate and is aimed at SearchPath.
Six patches will require a restart after being installed. One critical flaw will require even Windows 2003 and 2008 Servers to restart.
It’s rather odd how Microsoft failed to deliver a fix for the PowerPoint flaw, which is known to be actively exploited for some time now. Hopefully, the company will come up with a separate fix in the near future.