Following a quiet March, April has seen the return of Microsoft’s traditional Patch Tuesday. However the four critical updates were released on the back of continuing problems regarding the animated cursor issue. The .ani vulnerability has rarely been out of the news this month: Microsoft released an unusual early fix and then, as has happened in the past, encountered problems with the security update and had to re-release the bulletin.

The five scheduled updates (of which four were rated as critical) have come in for criticism, as once again there was a critical vulnerability fixed in the new Vista OS, rated by Microsoft as its most secure offering. April’s security update fixes a total of seven critical flaws affecting different versions of Windows. For some of these proof-of-concept exploit code has already been released: attackers have been actively exploiting the animated cursor security hole for at least two weeks.

At the same time Microsoft has gone on record to warn users against using a so-called Vista Service Pack 1 preview, distributed by update site HotFix.net and which included security updates and hotfixes for the new operating system. An entry on Vista’s official blog a week ago cautioned users against the update package and Microsoft’s lawyers later served an official “cease and desist” letter on the site, whose owners then removed the link to it.

Users can download April’s security update automatically via Windows Update or manually from Microsoft Technet.