Well, it’s Patch Tuesday, or what some people call “Black” Tuesday.
Seven security bulletins were released for Microsoft products, patching at least 11-12 vulnerabilities. There could be more on some systems.
Current bulletins for this round:
- MS12-077 Cumulative Security Update for Internet Explorer
- MS12-078 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution
- MS12-079 Vulnerability in Microsoft Word Could Allow Remote Code Execution
- MS12-080 Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution
- MS12-081 Vulnerability in Windows File Handling Component Could Allow Remote Code Execution
- MS12-082 Vulnerability in DirectPlay Could Allow Remote Code Execution
- MS12-083 Vulnerability in IP-HTTPS Component Could Allow Security Feature Bypass
(Key: Important – Critical)
As for the December Adobe updates: the updates are for Adobe Flash Player 11.5.502.110 and earlier versions for Windows and Macintosh, Adobe Flash Player 184.108.40.206 and earlier versions for Linux, Adobe Flash Player 220.127.116.11 and earlier versions for Android 4.x, and Adobe Flash Player 18.104.22.168 and earlier versions for Android 3.x and 2.x, Adobe said.
The three updates fix a buffer overflow vulnerability, an integer overflow vulnerability and a memory corruption vulnerability, all three of which could lead to code execution, Adobe also said.
It has been quite a week in the vulnerabilities sector, as Adobe already fixed quite a few flaws in Flash Player and AIR. Now, Apple has fixed nine vulnerabilities in QuickTime. Meanwhile, Adobe has ignored the Reader flaws that are currently pending, which could be exploited soon.
For QuickTime, most of the vulnerabilities were buffer overflows. QuickTime is Apple’s media playback technology. Only Windows users on XP SP2 and up have to update; Mac OS X was not affected. See the security update from Apple for more information on what was fixed. You can update QuickTime by visiting http://www.apple.com/QuickTime
As for Adobe Reader… well, that’s a long story. Here’s the short version of it: a Moscow-based security firm, Group-IB, has identified a new exploit, capable of compromising the security of computers running Adobe X and XI (Adobe Reader 10 and 11), that is being sold in the underground for up to $50,000. The vulnerability makes it possible to sidestep Adobe Reader’s sandboxing mechanism in order to exploit the code. The exploit works only on Windows and requires users to close the web browser for it to work correctly.
Adobe spokespeople state the problem cannot be identified, and therefore there is nothing to fix.
To keep your computer protected from exploits, please see the following: