Microsoft issued six patches, four of which were critical in the April 2012 software updates.
The company released its monthly patch Tuesday. The patches affect Microsoft Windows, Internet Explorer, the .NET Framework, Office, SQL Server, Server Software, Developer Tools, and Forefront United Access Gateway.
The first bulletin, MS12-023, rated critical, is a cumulative security update for Internet Explorer that resolves five privately disclosed vulnerabilities, the most severe of which could lead to remote code execution. If unpatched, it is possible for an attacker to gain the same user rights as the current user. As always, users with fewer rights configured will be less impacted. The second bulletin, MS12-024, resolves a vulnerability in Widows that could lead to remote code execution on unpatched machines if a user or application runs or installs a specially crafted, signed portable executable (PE) file on an affected system. The third bulletin, MS12-025, fixes a privately reported bug in the .NET framework that could lead to remote code execution. The last critical patch, MS12-027, has to do with a vulnerability in Windows Common Controls that could also lead to remote code execution.
The last two bulletins, MS12-026 and MS12-028, were rated as critical vulnerabilities in Forefront Unified Access Gateway (UAG) that could allow for information disclosure and a vulnerability in Microsoft Office the could allow remote code execution.
You can read more about the patch Tuesday bulletins at Microsoft’s Technet blog.