5 Microsoft Security Bulletins for April 2006

Microsoft released five security bulletins for the month of April:

MS06-013--Cumulative Security Update for Internet Explorer (912812)

MS06-014--Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution (911562)

MS06-015--Vulnerability in Windows Explorer Could Allow Remote Code Execution (908531)

MS06-016--Cumulative Security Update for Outlook Express (911567)

MS06-017--Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting (917627)

The first four of these bulletins are primarily workstation risks. I recommend deploying MS06-013 and MS06-015 as soon as possible. MS06-013 is especially urgent because details of some exploits are public and attackers are already using them.
The final bulletin, MS06-017, impacts Microsoft IIS servers running Microsoft FrontPage Server Extensions or Microsoft SharePoint Team Services. Although Microsoft rates the severity of this exposure as only moderate, I recommend loading the update on all affected servers as soon as possible.