Microsoft plugs 34 holes; Adobe fixes Flash Player bug

Microsoft released 16 security bulletins today fixing 34 holes, including critical holes in Windows, SMB Client and Internet Explorer, while Adobe Systems fixed a hole in Flash Player that was reportedly being targeted in attacks.

Adobe's quarterly security bulletins include critical updates for Flash Player, Shockwave Player, and Adobe Reader and Acrobat. Meanwhile, Adobe said it will now offer users the opportunity to turn automatic update on by default.

Nine of Microsoft's bulletins are rated "critical" and the remainder are rated "important. There are four "critical-level" updates that Microsoft said in a blog post should be addressed first. They are:

• MS11-042, which fixes vulnerabilities in the distributed file system that affects all versions of Windows.

• MS11-043, which closes a hole in SMB Client on Windows.

• MS11-050, which is a cumulative bulletin resolving 11 bugs in Internet Explorer.

• MS11-052, which fixes a vulnerability in the Microsoft implementation of Vector Markup Language and affects Windows and Internet Explorer 6, 7 and 8.

Affected software includes Windows XP, Vista, Windows 7, Windows Server 2003 and 2008, Office XP, 2003, 2007, 2010, Office 2004 and 2008 for Mac, SQL Server 2005 and 2008, Silverlight 4, Visual Studio 2005, 2008 and 2010, and Forefront Threat Management Gateway 2010 Client. More details are in the security advisory.

Microsoft also gave an update to a change it made in Windows in February. Disabling Autorun in order to make using USB thumb drives safer appears to be having an affect, Microsoft said. As of May, infections detected by the Malicious Software Removal Tool per scanned computer declined by 59 percent on Windows XP machines and by 74 percent on Windows Vista machines compared with the 2010 infection rates on those platforms. (The updated Autorun settings were built in by default on Windows 7.)