Microsoft released the promised three patches on Tuesday, including one critical, as part of its regular Patch Tuesday update cycle.

The critical patch in the batch (MS09-006) covers input validation vulnerabilities in the Windows kernel. The flaws create a possible mechanism for hackers to inject hostile code onto vulnerable systems, although there are no known exploits.

Probably more important than any of the three updates is the absence of a fix for an unpatched Excel vulnerability, which has been the target of hacking attacks over recent weeks.

Microsoft's Patch Tuesday update summary can be found here. An overview from the SANS Institute's Internet Storm Centre is here.

In other security update news, Adobe released a much anticipated Adobe Acrobat fix on Tuesday. Version 9.1 of the software addresses a JBIG2 buffer overflow vulnerability that's become the target of hacking attack over the last three weeks or so. FoxIT released a patch addressing a similar vulnerability in its alternative PDF viewing software earlier this week.

Older versions of Adobe Reader and Acrobat are vulnerable to the same security bug. Adobe said updates for Adobe Reader 7 and 8, and Acrobat 7 and 8, should be ready by 18 March. Updated Adobe Reader 9.1 for Unix software is due a week later, on 25 March.

A more detailed look at the challenges of keeping Adobe software up to date can be found in our earlier analysis story here. ®

Related stories

• MS warns of bumper patch batch (5 June 2009)
• Microsoft to patch 'critical' PowerPoint hole (7 May 2009)
• Excel bulletin stars in Microsoft patch batch (15 April 2009)
• Crackers latch onto year-old Windows token vuln (18 March 2009)
• Updated The long road to Reader and Flash security Nirvana (10 March 2009)
• Conficker gets upgraded with defenses (7 March 2009)
• March patch Tuesday omits Excel fix (6 March 2009)
• Excel Trojan targets unpatched flaws (25 February 2009)
• MS lines up two critical updates for Patch Tuesday (6 February 2009)