Microsoft, Adobe to release important security patches

BEIJING, April 12 (Xinhuanet) -- Microsoft is to issue 11 security bulletins on Tuesday to fix 25 vulnerabilities in Windows, Microsoft Office, and Exchange. The patches also coincide with a major release of security updates from Adobe Systems.

According to an advanced notification released by Microsoft, the double-digit security bulletin, which will be released by the company on April 13th, 5 out of 11 security updates have been labeled as 'Critical' and are related to remote code execution affecting Microsoft Windows. Five other vulnerabilities have been categorized as 'Important' and affect Windows, Office and Exchange, whereas one update is 'moderate' and relates to spoofing in the Windows OS.

Microsoft's flagship operating system, Windows 7, will also be served with four of the 11 security updates, including a patch for the recently discovered VB script F1 vulnerability in which users who pressed F1 after being prompted by a website, received malicious content which was injected into their PCs.

Disclosed on March 1, it affects older versions of Windows running Internet Explorer. The patch is being release despite the fact the vulnerability does not affect Windows 7 PCs. Commenting on the unnecessary Windows 7 patch, Microsoft said in a security bulletin that it “recommends that customers of this software apply this security update as a defense-in-depth measure.”

The other advisory to be closed is 977544, which involves a hole in Server Message Block (SMB) protocol that could allow a denial-of-service attack and that dates back to November. Software affected by the updates includes Windows 2000, XP, Vista, Windows 7, Server 2003, Server 2008, Office XP, Office 2003, 2007 Microsoft Office System and Exchange Server 2000, 2003, 2007, and 2010.

Also on Tuesday, Adobe Systems will release security updates for Reader and Acrobat via a new update system. Adobe has quarterly security update releases that coincide with Microsoft's Patch Tuesdays. The updates affect Adobe Reader 9.3.1 for Windows, Mac, and Unix, Acrobat 9.3.1 for Windows and Mac, and Reader 8.2.1 and Acrobat 8.2.1 for Windows and Mac.

The company has been testing the updater technology with a sample of customers since Oct. 13. Users can set the system to automatically update, meaning the software will be downloaded and installed after it is available from Adobe, or semi-automatically so that the update is downloaded automatically but the user chooses when to install it.