By Susan Bradley
Microsoft’s most critical patch this month is one I recommend holding back on.
ActiveX control vulnerability threatens RTF files
In its April 10 Security Research & Defense blog, Microsoft describes how a flawed ActiveX control in all 32-bit versions of Office allows attacks via malicious Office documents. The first examples of this exploit use RTF-format files.
The blog goes on to say that there have been limited attacks, so far.
Rated critical, this update also affects numerous other MS applications such as BizTalk Server 2002, some versions of Commerce Server, Visual FoxPro, Visual Basic 6.0 Runtime, and supported versions of SQL Server 2005 and 2008. MS Support article 2664258 has a long list of possible issues with the update.
I anticipate that some line-of-business applications might be impacted. The update requires searching your computer for .exd files and removing them from temp-file locations, so that your applications will work properly. I’d rather your business-application vendor guide you on this process.