Friday, April 9, 2010

Patch Tuesday Heads-up - Microsoft, Adobe & Oracle

http://blogs.zdnet.com/security/?p=6070

Microsoft plans to release 11 security bulletins on Tuesday April 13, 2010 to fix 25 documented vulnerabilities that expose Windows users to remote code execution attacks. Five of the 11 bulletins will be rated “critical,” Microsoft’s highest severity rating. The flaws affect all versions of Windows, including the company’s newest Windows 7 operating system. The vulnerabilities will address security holes in Windows, Microsoft Office, and Microsoft Exchange, according to Jerry Bryant, a group manager in Redmond’s security response center.
More info here and here.

----------------------------------------------------

http://blogs.zdnet.com/security/?p=6075

Adobe today announced plans to ship a critical security patch next Tuesday (April 13, 2010) to fix multiple high-risk security holes in its Reader and Acrobat product lines. The patches will be released alongside a new automatic updater software that the company hopes will speed up the downloading and deployment of its security fixes. The security fixes in this Reader/Acrobat patch batch will apply to Windows, Macintosh and UNIX users. The new updater, which was first shipped in a passive state last October, will be turned on for all readers from next week to keep end-users up-to-date in a much more streamlined and automated way, according to Adobe’s Steve Gottwals. He said the new updater will be activated for all users needing Adobe Reader and Acrobat 9.3.2 and 8.2.2 for Windows and Macintosh.
More info here and here.

----------------------------------------------------

http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html

This Critical Patch Update Pre-Release Announcement provides advance information about the Oracle Critical Patch Update for April 2010, which will be released on Tuesday, April 13, 2010. While this Pre-Release Announcement is as accurate as possible at the time of publication, the information it contains may change before publication of the Critical Patch Update Advisory. A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Starting April 2010, the Critical Patch Update includes security vulnerabilities in Sun Solaris. This Critical Patch Update contains 47 new security vulnerability fixes across hundreds of Oracle products. 16 out of 47 vulnerabilities are in Sun Solaris. Some of the vulnerabilities addressed in this Critical Patch Update affect multiple products. Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible.


Also, Oracle recently announced they are moving Sun Solaris into a quarterly patch release cycle. Users of the Sun Microsystems operating system will now know months in advance when they will be getting security updates.

No comments:

Post a Comment