Microsoft Fixes 8 Essential Security Vulnerabilities This Month

Microsoft announced on Tuesday the latest eight patches in its monthly security update cycle, which are meant to fix a series of vulnerabilities in Windows, Office and Internet Explorer. Five of the security bulletins issued for April have been labeled as critical, while three have been labeled as important.

According to the Microsoft Security Bulletin for April 2008, the vulnerabilities were as follows: a vulnerability in Microsoft Project (Microsoft Office, critical); a vulnerability in GDI (Microsoft Windows, critical); a vulnerability in the VBScript and JScript scripting engines (Microsoft Windows, critical); a security update of ActiveX (Microsoft Windows and IE, critical); a cumulative security update for Internet Explorer (Microsoft Windows and IE, critical); a vulnerability in the DNS client (Microsoft Windows, important); a vulnerability in the Windows Kernel (Microsoft Windows, important); and a vulnerability in Microsoft Visio (Microsoft Office, important).

The MS08-021 security bulletin was rated critical. It resolves two reported vulnerabilities in GDI that allowed remote code execution if a user opened a specially crafted EMF or WMF image file. An attacker exploiting them could have taken control of the affected system and gained full user rights on the computer.

Two other critical bulletins, MS08-023 and MS08-024, solve a problem with ActiveX. The update includes a kill bit for Yahoo! Music Jukebox, which also allowed remote code execution if the user visited a specially crafted Web page using Internet Explorer. Users with administrative rights were the most likely to be affected by this issue.

MS08-022, also labeled as critical, fixes a problem in the VBScript and JScript scripting engines in Windows, which allowed an attacker to take full control of an affected system and get full user rights. Microsoft recommended that users apply this update immediately.