Adobe Patches (APR-2011)

Adobe has released one patch for this month for Adobe Reader and Acrobat.

These updates address vulnerabilities in the software that could cause the application to crash and potentially allow an attacker to take control of the affected system.
– APSB12-08

Bulletin	Description	Severity	Impact	Software
APSB12-08	Security updates available for Adobe Reader and Acrobat	Remote Code Execution	Important	Adobe Reader and Acrobat

Updates of Adobe Reader and Adobe Acrobat to versions 9.5.1 and 10.1.3.

LINKS:
[1.] Adobe – Security bulletins and advisories (2012-Apr-10) [Adobe]
[2] Adobe April 2012 Black Tuesday Update (2012-Apr-10) [SANS]

Patch Tuesday Wednesday (Apr-2012)

This month Microsoft have released six (6) security bulletins of which four (4) have a maximum rating of Critical, and two (2) having a maximum rating of Important.

As you know, today is Update Tuesday. Before I go into the bulletin details, however, I wanted to let you know that today we’re notifying customers that Windows XP and Office 2003 will go out of support in April 2014. We understand that preparing to deploy the latest versions of Windows and Office may take time for some organizations, and we encourage all customers to upgrade to the latest operating system to help protect your systems.
Now, on to the updates. If you’re running Automatic Updates you’re automatically protected from the issues addressed this month, and for those of you who test and deploy your updates, we’ve offered some details and guidance below.
As I previously mentioned in the Advance Notification Service blog post on Thursday, today we are releasing six security bulletins, four of which are rated Critical in severity, and two Important. [1]

Bulletin	KB number	Description	Severity	Impact	Software
MS12-023	2675157	Cumulative Security Update for Internet Explorer	Remote Code Execution	Critical	Microsoft Windows, Internet Explorer
MS12-024	2653956	Vulnerability in Windows Could Allow Remote Code Execution	Remote Code Execution	Critical	Microsoft Windows
MS12-025	2671605	Vulnerability in .NET Framework Could Allow Remote Code Execution	Remote Code Execution	Critical	Microsoft Windows, Microsoft .NET Framework
MS12-026	2663860	Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Information Disclosure	Information Disclosure	Important	Microsoft Forefront United Access Gateway
MS12-027	2664258	Vulnerability in Windows Common Controls Could Allow Remote Code Execution	Remote Code Execution	Critical	Microsoft Office, Microsoft SQL Server, Microsoft Server Software, Microsoft Developer Tools
MS12-028	2639185	Vulnerability in Microsoft Office Could Allow Remote Code Execution	Remote Code Execution	Important	Microsoft Office

NOTE: There are several issues with MS12-024 and MS12-027 which should be assessed for impact before deployment in your environment.

PATCH NOW:
MS12-027 (Windows Common Controls), MS12-023 (Internet Explorer)

LINKS:
[1.] Windows XP and Office 2003 countdown to end of support, and the April 2012 bulletins (2012-Apr-10) [MS: MSRC]
[2.] Microsoft April 2012 Black Tuesday Update – Overview (2012-Apr-10) [SANS]
[3.] Microsoft Security Bulletin Summary for April 2012 (2012-Apr-1o) [MS]
[4.] Microsoft security updates for April 2012 (2012-Apr-10) [MS]