Microsoft patches 25 flaws, Adobe goes automatic

Microsoft is to issue 11 patches to fix 25 flaws across Windows, Office and Exchange.

As five of the patches are for critical flaws, Microsoft security communications manager Jerry Bryant advised users to "prepare to test and deploy the bulletins as quickly as possible".

He also noted that, from next week, two security advisories - in Server Message Block and VBScript - will be closed, with no known attacks using either flaw.

Bryant also reminded users that, within a few months, a host of Microsoft software will no longer be be patched.

The Windows Vista RTM will no longer be supported after 13 April, but its SP1 will be supported until 12 July 2011. Windows 2000 will no longer be supported after 13 July, nor will Windows XP Service Pack 2 (SP2).

Of the latter, Bryant said in the Microsoft security blog: "Many customers are still on this version, so we encourage upgrading to Service Pack 3 or to Windows 7 as soon as possible."

Adobe goes auto with updates

Adobe is also set to release an update next Tuesday, which will patch "critical security issues" in Reader and Acrobat, the firm said.

Reader 9.3.2 and Acrobat 8.2.2 will be delivered using Adobe's new updater technology, which the firm has been testing since October last year.

The new system should help the update process become more "streamlined and automated", said Adobe product manager Steve Gottwals in the Reader blog.

"Honoring the user's choice is important to Adobe. This includes the user's update preferences," said Gottwals. "Adobe has no plans to activate the automatic update option by default without prior user consent."

"That said, the security of our users is a key priority for Adobe. The majority of attacks we are seeing are exploiting software installations that are not up-to-date with the latest security fixes," he explained. "We therefore believe that the automatic update option is the best choice for most end-users."