Friday

Patch mania, it's not just Patch Tuesday



Time to get patching again. It's a nice bunch this time, especially the browser-related bugs. Perfect for those drive-by downloads.

Microsoft released their advance notification about this upcoming Patch Tuesday. Looks like system administrators have their work cut out for them: 8 security advisories (5 critical and 3 important), as well as some other non-security patches.

More information is available at http://www.microsoft.com/technet/security/bulletin/ms08-apr.mspx.

Then it's Apple's turn again with QuickTime 7.4.5. Apple has released QuickTime 7.4.5 to address multiple vulnerabilities. These vulnerabilities may allow a remote attacker to execute arbitrary code or obtain sensitive information.

More information is available in Apple knowledgebase article HT1241, and you are advised to upgrade to QuickTime 7.4.5.

Also Opera released a new version of their browser (9.27) that fixes two remotely exploitable vulnerabilities (http://www.opera.com/support/search/view/881/ and http://www.opera.com/support/search/view/882/).

The update can be downloaded from http://www.opera.com/download/.

A severe security vulnerability exists in RealNetworks' RealPlayer software.

The flaw can allow malicious access to the user's PC. It can be exploited by creating a modified RealMedia file and using that file to cause a buffer overflow on the user's PC. So it is not possible to "attack" your RealPlayer directly, but if you open a RealMedia file from a suspicious website or download one from the Net, it might contain alterations that trigger this security hole. An exploit for this vulnerability was posted on milw0rm on the 1st of April, and the vulnerability is being actively exploited.

RealNetworks has issued a patch for the problem. The patch can be downloaded here:
http://www.service.real.com/help/faq/security/040123_player/EN/

Last but not least, Adobe will release an update for Flash in the coming days. The vulnerability was exposed during the PWN to OWN hack contest, during which Vista was hacked. A combination of a vulnerability in Flash together with Java was the downfall of Vista.

So keep an eye on the Adobe advisories. You can use Secunia PSI to detect any other system components that need patching.
