One patch from Microsoft, more from Adobe and Oracle
It's a slow security patching month from Microsoft, but Adobe has issued a fix for a critical, zero-day flaw, while Oracle gets in on the action, too.


Microsoft has released a single patch this month, but don't forget to check out serious updates from Adobe or Oracle.
In its monthly patching exercise, Microsoft released just one fix, for a "critical" flaw in Embedded OpenType Font. The vulnerability needs a user to visit a malicious web page before it hurts computers, however.
Adobe released patches for critical vulnerabilities, including one for a zero-day flaw in Reader and Acrobat, which was discovered last month. In its security bulletin, the firm said: "These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system."
Adobe said the flaw is actively being exploited, but at the time of the discovery decided to keep the fix within its regular patching cycle.
"This has been a relatively quiet month in terms of patch updates from Microsoft," said Ben Greenbaum, senior research manager at Symantec Security Response, in a statement.
"However, we would urge users to pay particular attention to the Adobe update which addresses a serious vulnerability where attempts have been made to steal source code from the some of the world's largest organisations including Google," he added.
Oracle also joined in the fun. It's quarterly patch fixed 25 flaws across seven products, including its database engine.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
"The majority of the [Oracle] vulnerabilities are remotely exploitable without authentication and IT admins should be taking a close look at the exposure these products have in their networks," Qualys chief technology officer Wolfgang Kandek said in a statement.
He added: "In general database engines should have no necessity to be connected to open networks, but the application servers are very likely exposed."
Freelance journalist Nicole Kobie first started writing for ITPro in 2007, with bylines in New Scientist, Wired, PC Pro and many more.
Nicole the author of a book about the history of technology, The Long History of the Future.
-
What is polymorphic malware?
Explainer Polymorphic malware constantly changes its code to avoid detection, making it a top cybersecurity threat that demands advanced, behavior-based defenses
-
Outgoing Kaseya CEO teases "this is just the beginning" for the company
Opinion We spoke to Fred Voccola who remains a key figurehead at the firm as it enters its next chapter...
-
Organizations shift away from Oracle Java as pricing changes bite
News A survey from Azul Systems finds that, along with cost, customers cite a preference for open source and the threat of a Java usage audit
-
Why Java 17 growth is ‘exploding’
News Java 17 is now the most popular LTS version, according to application data from New Relic, but what's driving this growth?
-
SuiteWorld 2023: NetSuite's day-two announcements
Live Blog Keep up-to-date with all the day-two announcements from NetSuite SuiteWorld 2023
-
Adobe co-founder John Warnock dies aged 82
News Warnock was pivotal in the development of the PostScript programming language in the early 80s
-
Microsoft defends “negligent” security approach that prolonged vulnerability fix for five months
News The tech giant has refuted claims that its practices have left customers “in the dark”
-
Ubuntu shifts to four-week update cycle
News Critical fixes will also come every two weeks, mitigating the issues involved with releasing prompt patches on the old three-week cadence
-
Can Oracle really be Linux's knight in shining armor?
Opinion The self-proclaimed champion of open source freedom would like you to forget about its history
-
Microsoft angers admins as April Patch Tuesday delivers password feature without migration guidance
News Security fixes include a zero day exploited by a ransomware group and seven critical flaws