April 2012 Patch Tuesday Preview

Today Microsoft released its Advanced Notification for April 2012 with six bulletins addressing 11 vulnerabilities. Four of the bulletins are rated critical, two are rated important. The bulletins affect all versions of Windows, Internet Explorer and Microsoft Office, plus some of Microsoft’s developer tools.

Bulletin 1 will be the highest priority. It is a critical vulnerability affecting all versions of Internet Explorer (6,7,8,9) on their respective platforms XP, 2003, Win7 and 2008 both 32 and 64 bit. Bulletin 2 is the second most critical and updates the Windows operating system, again encompassing all versions, both 64- and 32-bit. Bulletin 3 is a critical update to the .NET framework. Bulletin 4 will be challenging as it addresses a wide variety of applications including server side software. It is critical and applies to all versions of Microsoft Office, but also to SQL Server and other Microsoft server products.

One of the important bulletins also deserves attention, at least for Office 2007 SP2 users. Bulletin 6 is rated important, but allows Remote Code Execution on that platform, probably using a maliciously crafted input file as the attack vector.

Google also released a new version of its Chrome Browser today. It fixes multiple vulnerabilities and includes the updates made to Adobe Flash last week in the wake of the PWN2OWN contest at CanSecWest. If you are using Chrome you should check in the "About Chrome" page to see whether you have received the automatic update already – there should be a green checkbox.