Microsoft has released six patches for 11 vulnerabilities as part of its April security update.
Four of the six fixes on its monthly Patch Tuesday will be rated as 'critical' and address flaws in Windows, Internet Explorer (including version 9), Office, SQL Server and server software and developer tools.
Three of the critical patches plug holes for Windows 7. The remaining two patches, deemed 'important', fix holes in the Forefront Unified Access Gateway product and Office.
"So far this year, Microsoft has been issuing a fairly stable number of Patch Tuesday bulletins every month," Andrew Storms, director of security operations at nCircle, said.
"We saw seven bulletins in January, nine in February and six in both March and April. This is quite a bit different than their historical pattern of dramatic swings in bulletin volume from month to month."
He said the fourth bulletin had the potential to cause "serious headaches" because it covered Office, SQL Server, BizTalk, Commerce Server, Visual FoxPro and Visual Basic.
"Any time a bulletin covers such a wide range of products, IT security teams have to pause and think hard about deployment. It also requires some rigorous patch-testing."
Wolfgang Kandek, CTO at Qualys, said the first bulletin would be the highest priority because it patches a critical vulnerability in all versions of Internet Explorer (6, 7, 8 and 9) on their respective platforms, XP, 2003, Win7 and 2008, both 32- and 64-bit.
"Bulletin two is the second most critical and updates the Windows operating system, again encompassing all versions, both 64- and 32-bit."
Meanwhile, Adobe will fix critical security flaws in its Reader and Acrobat software for Mac, Windows and Linux operating systems.