Microsoft just announced their Patch Tuesday Advanced Noftication for the April 2010 edition of Patch Tuesday.  They are planning on releasing 11 new security bulletins fixing 25 vulnerabilities.

  • 5 bulletins are rated Critical
  • 5 bulletins are rated Important
  • 1 bulletin is rated Moderate
  • 8 bulletins fix vulnerabilities that can lead to Remote Code Execution

This month has both client and server systems being patched.

Affected software:

  • Windows 2000
  • Windows XP (x86 and x64)
  • Windows 2003 (x86 and x64)
  • Windows Vista (x86 and x64)
  • Windows 2008 (x86 and x64)
  • Windows 7 (x86 and x64)
  • Windows 2008 R2
  • Publisher XP, 2003, 2007
  • Exchange Server 2000, 2003, 2007, 2010

Microsoft has stated two security advisories will be closed on Patch Tuesday.  We can assume that two of the operating system patches this month will address VBScript and SMB.

It is interesting to note that some of these products that are having patches released are not affected by the vulnerability.  Microsoft has added a note to these systems with "Severity ratings do not apply to this update because the vulnerability discussed in this bulletin does not affect this software. However, as a defense-in-depth measure to protect against any possible new vectors identified in the future, Microsoft recommends that customers of this software apply this security update."

Murphy's law:  It is better to be safe than sorry.

Tuesday will also mark the scheduled quarterly update from Adobe for Reader and Acrobat.  Adobe released their advanced notification today.  Versions 9.3.1 and 8.2.1 will be patched to fix critical security issues.  Adobe typcially does not state how many or what issues are fixed.  We will have to wait until Tuesday to find out.

As with any patch Tuesday, keep an eye out for other vendors who join in on this patch release day.  (We are looking at you Java 5).

- Jason Miller