The month of April started off with a bang, when Microsoft released MS07-017, a rare out of cycle patch but ended with a fizzle, with 8 additional vulnerabilities. While four critical vulnerabilities were addressed, that is down significantly from the 13 critical vulnerabilities that were patched in February 2007, the last full patch cycle (March was skipped). While it may at first appear encouraging to see the number of patches diminishing, don't be fooled. Take a quick look at upcoming advisories for 3Com's Zero Day Initiative or eEye Research and you'll see that they collectively have more than a dozen unpatched Microsoft vulnerabilities.

The February patch release was relatively small when compared to recent months. We ended up with 8 vulnerabilities in 5 bulletins having the following overall severity rankings.

• 4 Critical
• 3 Important
• 1 Moderate

This month's bulletins included patches for one public vulnerability, beyond MS07-017 which was patched last week. The following publicly known issue received a patch:

• MS07-021 (CVE-2006-6696) MsgBox (CSRSS) Remote Code Execution Vulnerability

Below is a cheat sheet for all 8 vulnerabilities.

Enjoy!

- michael