Today is "Microsoft Tuesday" --- the SECOND Tuesday of the month --- on which Microsoft is expected to release its monthly cycle of Windows/critical security updates. Based on previous history, they should become available at 1 PM [USA - Eastern Daylight Saving Time].
Please use Windows/Automatic updates to determine which updates --- if any --- are applicable to your particular system.
Today is also [a quarterly] "Adobe Tuesday": Adobe is planning to release security updates for Adobe Reader/Acobat X (10.1.2).
Windows 7 Pro SP1 (64-bit), avast! v2014 Free, MBAM Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, EMET+MBAE, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, IE11 & Firefox (both using WOT [IE set to WARN, FF set to BLOCK]), CryptoPrevent, Secunia PSI.
[I believe computer-users who sandbox (Sandboxie) are acting prudently.]
The following updates are rated CRITICAL:
MS12-023 Cumulative Security Update for Internet Explorer (2675157)
MS12-024 Vulnerability in Windows Could Allow Remote Code Execution (2653956)
MS12-025 Vulnerability in .NET Framework Could Allow Remote Code Execution (2671605)
MS12-027 Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2664258)
The following updates are rated IMPORTANT:
MS12-026 Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Information Disclosure (2663860)
MS12-028 Vulnerability in Microsoft Office Could Allow Remote Code Execution (2639185)
Windows Malicious Software Removal Tool (MSRT) for APRIL, version 4.7
32-bit for Win 7/Vista/XP/Server2003 http://www.microsoft.com/download/en/details.aspx?id=16
x64-bit version http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=9905
This month's tool adds detection/removal of:
Win32/Claretore - "a trojan that injects malicious code into Windows processes to interecept web browser communication, and may monitor user activity and send stolen information to a remote website. The trojan could also redirect the web browser to an attacker-specified URL".
Win32/Bocinex - "a family of malware that launches a Bitcoin mining client, detected as Program:Win32/CoinMiner. The client is configured to attribute newly generated Bitcoin digital cash, or "BTC", to an attacker's Bitcoin account".
Win32/Gamarue - "a family of malware that may be distributed by exploit kits, spammed emails or other malware, and has been observed stealing information from an affected user".
EDIT: for additional information onWin32/Claretore, see http://blogs.technet.com/b/mmpc/archive/2012/04/10/msrt-april-2012-win32-claretore.aspx
Adobe Reader X for Windows
Sequential update (from 10.1.x) to 10.1.3 http://www.adobe.com/support/downloads/detail.jsp?ftpID=5358
for details of this update: http://helpx.adobe.com/content/dam/help/attachments/Acrobat_Reader_ReleaseNote_10.1.3.pdf
For what it's worth: Today's Adobe Reader updates its included version of Flash Player ( authplay.dll ) to version 10.3.183.18. As we are aware, the latest series/version of Flash is 220.127.116.11. For whatever reason, it seems that some people can't (or don't want to??) upgrade Flash from the older 10.x series to the newer 11.x series, and as such, Adobe doesn't want to force the issue... I've found the following statement in Adobe Security Bulletin apsb12-07:
"For users who cannot update to Flash Player 18.104.22.168, Adobe has developed a patched version of Flash Player 10.3, Flash Player 10.3.183.18"
[See the second paragraph under SOLUTION http://www.adobe.com/support/security/bulletins/apsb12-07.html ]
This bug fix release addresses several issues that were reported shortly after the release of version 3.66.
Use the internal updater... or download the program from http://www.sandboxie.com/index.php?DownloadSandboxie