Security ratings range from 'moderate' to 'critical'

Microsoft readies five April patches

Actively exploited flaw awaits plugging

Written by Tom Sanders in California

vnunet.com, 10 Apr 2006

Microsoft plans to release a security patch on Tuesday that repairs five vulnerabilities in Windows and one in Office.

The security rating for the most serious Windows flaw is 'critical' and the Office patch has a security rating of 'moderate', Microsoft said in a security bulletin on its website.

The update will include a fix for the 'CreateTextRange' vulnerability that attackers started exploiting last month.

Microsoft will also distribute a non-security update for Internet Explorer. The patch will make changes to the browser to let it circumvent a patent owned by Eolas and the University of California.

The update will disable all ActiveX elements on a webpage until users click on the page or press the tab and enter keys.

Enterprises can delay the patch for up to two months while they test applications for potential compatibility issues, Microsoft has previously said.