Patch Tuesday April 2011

For Patch Tuesday April 2011 Microsoft seems to be making another record breaking attempt at releasing a large number of patches.

Also, there is yet another Adobe Flash exploit out that is already in use (a 0-day exploit). First, the Microsoft updates:

Window Update
This is what Window Update looks like in the start menu

This month Microsoft has 17 bulletins covering 64 vulnerabilites.

That’s a lot! On Windows XP, I have seen up to 26 updates with many machines running over 20 critical updates. On Windows 7 I have seen at least 10.

There are many critical patches this month.

Several of the exploits that are patched are currently in use, so patching as soon as possible should be a priority. Critical patches exist for all versions of Windows. You can expect to need to reboot your computer this month after the updates are installed.

Here’s a video on updating Windows XP:

[mc src=”http://www.youtube.com/watch?v=2coTJHY8O-8″ type=”youtube”]How To Update Windows XP Manually[/mc]

Again, I suggest running Windows update as soon as you can if you are not sure your computer has updated.

Now, about the latest Adobe Flash exploit.

Adboe Flash Player Icon
Adobe Flash Player

Adobe announced a 0-day exploit affecting Flash on Monday. Adobe expects to have a patch out on Friday April 15th. Adobe says the exploit has been seen on malicious web pages and on Flash embedded in Microsoft Word files. The exploit has the potential to be used on virtually all operating systems using Adobe Flash.

What is Flash and why is it on your computer?

Flash is used to show video, animations, and even run games on web pages. The Adobe Flash Player is a plug-in for most browsers and is installed on the majority of computers (with the notable exception of Apple iPhone and iPad which Apple has not allowed). Because Flash can run in nearly any computer, animations and video can easily be added to a website and viewed on any computer or device that can view Flash. It even allows games to be downloaded in a browser and played on different types of computers.

Expect to patch Adobe Flash Player on Friday.

If your not sure your Flash installation is updated, you should be able to check manually later Friday by going to Adobe.com using Internet Explorer and clicking on the install Flash button.

An interesting point in this is Adobe Reader X for Windows using it’s default protected mode will not allow malware infection using this Flash exploit. Older Adobe Reader versions and Adobe PDF Readers for other operating systems like Mac could be affected as they do not have the sandbox technology. Adobe will be releasing updates for these other readers  a bit later in the month. Reader X for Windows will get an update June 14th. Right now, you are more likely to be infected from a webpage or Microsoft Office file though instead of a PDF file.

Here’s a video for updating Flash:

[mc src=”http://www.youtube.com/watch?v=qL2mmSSfKks” type=”youtube”]How To Uninstall Adobe Flash In Windows 7[/mc]

That’s all for this time (it’s enough already) :)