Microsoft and Adobe release critical patches

By

Holes plugged in Internet Explorer, Microsoft Office and SQL Server.

Microsoft has released six patches for 11 vulnerabilities as part of its April security update.

Microsoft and Adobe release critical patches

Four of the six fixes on its monthly Patch Tuesday will be rated as ‘critical' and address flaws in Windows, Internet Explorer (including version 9), Office, SQL Server and server software and developer tools.

Three of critical patches plug holes for Windows 7. The remaining two patches, deemed ‘important', fix holes in the Forefront United Access Gateway product and Office.

“So far this year, Microsoft has been issuing a fairly stable number of Patch Tuesday bulletins every month," Andrew Storms, director of security operations at nCircle said.

"We saw seven bulletins in January, nine in February and six in both March and April. This is quite a bit different than their historical pattern of dramatic swings in bulletin volume from month to month."

He said the fourth bulletin had the  potential to cause "serious headaches" because it covered Office, SQL Server, Biztalk, Commerce Server, Visual FoxPro and Visual Basic.

"Any time a bulletin covers such a wide range of products, IT security teams have to pause and think hard about deployment. It also requires some rigorous patch-testing.”

Wolfgang Kandek, CTO at Qualys, said the first bulletin would be the highest priority because it patches a critical vulnerability in all versions of Internet Explorer (6,7,8 and 9) on their respective platforms, XP, 2003, Win7 and 2008, both 32- and 64-bit.

“Bulletin two is the second most critical and updates the Windows operating system, again encompassing all versions, both 64- and 32-bit."

Meanwhile, Adobe will fix critical security flaws in its Reader and Acrobat software for Mac, Windows and Linux operating systems.

This article originally appeared at scmagazineuk.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, UK edition
Tags:

Most Read Articles

Melbourne dev finds gift card PINs can be brute-forced

Melbourne dev finds gift card PINs can be brute-forced

Department of Health to centralise SecOps model

Department of Health to centralise SecOps model

Zero-click Apple and WhatsApp bug combo used to drop gov spyware

Zero-click Apple and WhatsApp bug combo used to drop gov spyware

Jaguar Land Rover hit by cyber incident

Jaguar Land Rover hit by cyber incident

Log In

  |  Forgot your password?