Microsoft Patch Tuesday Preview, April 2012

April 5, 2012

Today, in keeping with its usual schedule, Microsoft released its Security Bulletin Advanced Notification for April, previewing the security fixes it intends to release next Tuesday, April 10. Microsoft plans to release six security bulletins this month. Three are for Windows and its components; all of these have a maximum severity rating of Critical. All supported versions of Windows are affected. The table below shows the breakdown of patches by Windows version and severity:

Windows Version Critical Important Moderate
Windows XP+SP3 3
Windows Vista 3
Windows Server 2003 2 1
Windows Server 2008 2 1
Windows 7 3
Windows Server 2008 R2 2 1

There is also a bulletin for Microsoft Office, rated Important; one for Microsoft Forefront Unified Access Gateway, also rated Important; and one, rated Critical, that affects Office, SQL Server, and other server software and development tools. (See the Advanced Notification for details.)

According to Microsoft, two of the Windows bulletins will require a system restart, and the other bulletins may require one, depending on your system’s configuration.

As always, this information is subject to change between now and the actual release of the bulletins next Tuesday.  I will post a note here once the actual updates are available.

Google Releases Chrome 18.0.1025.151

April 5, 2012

Google has released a new version, 18.0.1025.151, of its Chrome browser, for all platforms: Windows, Linux, Mac OS X, and Chrome Frame. This new version fixes twelve identified security flaws, seven of which Google rates as High severity. It also fixes a number of miscellaneous bugs; further information on these changes is in the release announcement.

This release also incorporates an updated version of the bundled Adobe Flash Player.  This does not represent a general update of the player, but is specific to Chrome, and fixes two memory corruption vulnerabilities (not included in the numbers above).  According to an amended version of Adobe Product Security Bulletin 12-07, released today,

The Google Chrome version 18.0.1025.151 update addresses two Flash Player memory corruption vulnerabilities in the Chrome interface (Google Chrome only) (CVE-2012-0724, CVE-2012-0725).

Windows and Mac users should get the new version via the built-in update mechanism.  Linux users should get the updated package from their distributions’ repositories, using their standard package maintenance tools.  You can verify that your system has been updated by clicking on the tools menu (the little wrench), and then on “About Google Chrome”.
