« Return To List

Patch Tuesday April 2011 Report

After a relatively quiet March update, Microsoft set a new record for April's "Patch Tuesday" with 64 security vulnerabilities receiving patches. The previous record for most vulnerabilities to be patched in a month was October 2010 with 49 requiring patches to be fixed. Out of the 64 updates, 30 of them were related to the Windows kernel which is a key part of the Windows operating system.

Patch TuesdayInternet Explorer 6, 7 and 8 were patched from vulnerabilities that allow a malicious website to compromise a PC without the user having to do anything at all. Internet Explorer 9 was not affected by these issues. One of the vulnerabilities was found at the Pwn2own hacking contest in March and is being used for attacks.

Meanwhile Adobe has issued an alert regarding a zero-day exploit in their Flash Player. A zero-day exploit is a vulnerability that is actively being exploited by some method. The current exploit uses a malicious Flash file that is embedded in a Microsoft Word document and emailed to users. According to Adobe the vulnerability exists in Flash Player and earlier on Windows, Mac, Linux and Solaris. The same vulnerability exists in Adobe Reader, although they say they aren't aware of any attacks being made through PDF files. They don't currently have a patch for Flash, and they aren't planning on updating Adobe Reader until their next quarterly update scheduled for June 14, 2011.

« Return To List