This April Patch Tuesday produces some workload for administrators – and also users should install the offered updates as soon as possible.
As announced, Microsoft released 11 security bulletins. The patches close plenty security vulnerabilities, some of them critical. Interesting flaws are within the MP3 codec or Authenticode – the digital signature of executable files. Due to the flaw it was possible to modify executables without invalidating the signature. Some of the flaws allow for malware to compromise the system without much user interaction, so installing the updates now is a good idea.
Adobe Reader and Acrobat 9.3.2 are available for download and through the update mechanism as well. They close 15 security holes in older versions of the software. More details on the vulnerabilities are available in Adobes security advisory. The company advises to install the updates as they deal with critical rated vulnerabilities.
For database administrators, Oracle has a major update available. The April CPU (critical patch update) closes 47 security holes in the Oracle products. Some of them can be exploited by attackers over the net without authentication, so applying the patches should happen soon.