April Patch Tuesday roundup

Patch Tuesday has again come and gone and Microsoft's new OS, Vista, has again been patched--for the second time this month, to be exact. Of the five security bulletins released this month, four have been rated "critical" by the company. The patches repair eight vulnerabilities in various versions of Windows and Microsoft Content Management Server. Here's a brief rundown of the fixes:

• MS07-018 (Critical): Fixes two bugs in Microsoft's Content Management Server; a remote code execution vulnerability and a flaw that could allow cross-site scripting attacks.
• MS07-019 (Critical): A remote code execution vulnerability in the Universal Plug and Play service. Can be used to run unsigned code on the local machine.
• MS07-020 (Critical): Remote code execution bug that places Windows users at risk of URL-based attacks.
• MS07-021 (Critical): Fixes three CSRSS bugs in Windows, could allow an attacker to gain complete control of a user's machine. Exploit code for these attacks is publicly available.
• MS07-022 (Important): Patches a Windows kernel flaw that could allow privilege elevation attacks.

And what a lovable bunch of patches they are. Need some motivation to get cracking? Check out today's "Security Alert."

For more on the patches:
- see this ZDnet article