Update
Don reported the following:

I had a problem with MS0-020 (KB980232) and had to uninstall it. My daily critical-files backup involves using NTBackup on a WindowsXP client machine to copy a bunch of stuff (some of it on network shares) to a USB stick that I carry with me. This morning I looked at the log and discovered that NTBackup had been unable to access the network shares. Everything else appears normal, so I assume it's a problem with NTBackup compatibility with the patch.



-MH-


Overview of theApril 2010 MicrosoftPatchesand their status.




#
Affected
Contra Indications
Known Exploits
Microsoft rating
ISC rating(*)


clients
servers





MS10-019
Vulnerabilities in Windows Authenticode Verification


Authenticode

CVE-2010-0486

CVE-2010-0487
KB 981210
no known exploits.
Severity:Critical

Exploitability: 2,2
Critical
Critical



MS10-020
Vulnerabilities in SMB Client (Replaces MS10-006 )


SMB Client

CVE-2009-3676

CVE-2010-0269

CVE-2010-0270

CVE-2010-0476

CVE-2010-0477
KB 980232
vuln public.
Severity:Critical

Exploitability: 3,3,2,2,3
Critical
Critical



MS10-021
Privilege Elevation Vulnerabilities in Windows Kernel (Replaces MS10-015 )


Windows Kernel

CVE-2010-0234

CVE-2010-0235

CVE-2010-0236

CVE-2010-0237

CVE-2010-0238

CVE-2010-0481

CVE-2010-0482

CVE-2010-0810
KB 979683
no known exploits.
Severity:Important

Exploitability: ?,?,1,1,?,?,?,?
Important
Important



MS10-022
Vulnerability in VBScript Engine (Replaces MS10-022 )


VBScript

CVE-2010-0483
KB 981169
Known Exploits!.
Severity:Critical

Exploitability: 1
PATCH NOW!
Critical



MS10-023
Vulnerability in Microsoft Office Publisher (Replaces MS08-027 MS09-030 )


Publisher

CVE-2010-0479
KB 981160
no known exploits.
Severity:Important

Exploitability: 1
Critical
Important



MS10-024
DoS Vulnerability in Microsoft Exchange and SMTP Service


Exchange, SMTP Service

CVE-2010-0024

CVE-2010-0025
KB 981832
vuln public.
Severity:Important

Exploitability: 3,?
Moderate
Important



MS10-025
Vulnerability in Micorsoft Windows Media Services


Windows Meida Services

CVE-2010-0478
KB 980858
no known exploit.
Severity:Critical

Exploitability: 1
Moderate
Critical



MS10-026
Vulnerability in Microsoft MPEG Layer 3 Codec


MPEG Layer 3 Codec

CVE-2010-0480
KB 977816
no known exploit.
Severity:Critical

Exploitability: 1
Critical
Moderate



MS10-027
Vulnerability in Windows Media Player (Replaces MS07-047 )


Windows Media Player

CVE-2010-0268
KB 979402
no known exploit.
Severity:Critical

Exploitability: 1
Critical
Moderate



MS10-028
Vulnerabilities in Microsoft Visio (Replaces MS09-062 MS09-005 )


Windows Media Player

CVE-2010-0254

CVE-2010-0256
KB 980094
no known exploit.
Severity:Critical

Exploitability: 1,2
Critical
Important



MS10-029
ISATAP Spoofing Vulnerability


ISATAP

CVE-2010-0812
KB 978338
no known exploit.
Severity:Moderate

Exploitability: ?
Moderate
Moderate





We will update issues on this page for about a week or so as they evolve.

We appreciate updates

US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY

(*): ISC rating

We use 4 levels:

PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
Critical: Anything that needs little to become interesting for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
Important: Things where more testing and other measures can help.
Less Urgent: Typically we expect the impact if left unpatched to be not that big a deal in the short term. Do not forget them however.


The difference between the client and server rating is based on how you use the affected machine. We take into account the typical client and server deployment in the usage of the machine and the common measures people typically have in place already. Measures we presume are simple best practices for servers such as not using outlook, MSIE, word etc. to do traditional office or leisure work.
The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threat for affected systems. The rating does not account for the number of affected systems there are. It is for an affected system in a typical worst-case role.
Only the organization itself is in a position to do a full risk analysis involving the presence (or lack of) affected systems, the actually implemented measures, the impact on their operation and the value of the assets involved.
All patches released by a vendor are important enough to have a close look if you use the affected systems. There is little incentive for vendors to publicize patches that do not have some form of risk to them



------

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

Twitter
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.