The usual round of updates is in. Today is Patch Tuesday, and Windows, Adobe Flash and AIR all received security updates. Microsoft had seven update bundles containing 20 total vulnerabilities in Windows and other Windows software. Adobe released updates for Flash and AIR.
Microsoft released four critical patches and three other updates, for a total of seven today.
The critical patches address bugs in Windows, Internet Explorer, Microsoft Silverlight, Microsoft Office and Microsoft SharePoint. Updates are available for Windows XP, Vista, Windows 7, Windows 8, Windows Server 2003, 2008 and 2012.
You will receive these through Automatic Updates if you’ve set Windows up to do so. Otherwise, go to Start and search for Windows Update. On Windows 8, search for Windows Update on the Start screen.
Adobe Flash Player/AIR
Adobe has sent updates for Flash Player, now at 11.6.602.180. This is the version for Windows and Mac OS X based systems. Four security flaws were identified, which prompted this fix. No current attacks/exploits have been identified.
Keep in mind that Google Chrome and Internet Explorer 10 (Windows 8) automatically update Flash Player on their own. The update may not be issued for Chrome just yet, but should be soon, we hope.
If you have Adobe AIR installed, which is required for quite a few programs that are built on its architecture (such as Tweetdeck, Pandora Internet Radio, games, etc.), AIR should automatically prompt you to update.
Here is the update table for Adobe Flash Player and AIR:
Adobe will release a round of updates on Patch Tuesday (as usual). This month, Patch Tuesday (which involves Microsoft and Adobe, sometimes Oracle) will be on January 8. Its first updates involve vulnerabilities in Reader and Acrobat products, while the other issues involve ColdFusion vulnerabilities.
“Adobe is aware of reports of security issues in ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX that are being exploited in the wild. We are currently evaluating the reports and plan to issue a security advisory as soon as we have determined mitigation guidance for ColdFusion customers and a timeline for a fix,” said Adobe’s Wendy Poland in an advisory posted January 3.
On the good news side of things, none of these vulnerabilities are being actively exploited in the wild. But let’s not be too hasty to underestimate threats. Make sure to get patched on Tuesday!
Vulnerabilities in Adobe Reader and Acrobat versions 11.0.0 and earlier are going to be patched next week.
Last month, there were issues in Flash Player and ColdFusion. Looks like these are favorites of hackers as of late.
Google released a new update for the stable version of Chrome, now at version 23.0.1271.97. All of the supported platforms have an update: Windows, Mac, Linux, and Chrome Frame.
One of the issues fixed involves a website settings popup having text trimmed under certain conditions. Another fix addresses a Linux bug in which <input> selection rendered white text on a white background, making the string invisible. Also repaired is an issue that caused plugins such as Google Voice and Unity Player to stop working. This revision also includes the latest version of Adobe Flash.
Check for the latest Chrome download at www.google.com/chrome, or, in the Chrome browser, hit the settings button on the top right and select About Google Chrome. Usually, Google Chrome updates are automatically applied using Google Updater.
More than 50 million users of the Steam gaming and distribution platform are at risk of remote exploits because of vulnerabilities in the platform’s URL protocol handler, researchers at ReVuln wrote in a paper they have released.
According to ThreatPost, Luigi Auriemma and Donato Ferrante discovered a number of memory corruption issues, including buffer and heap overflows, that would allow an attacker to abuse the way the Steam client handles browser requests. Steam runs on Windows, Linux and Mac OS X.
The steam:// URL protocol is used to connect to game servers, load and uninstall games, backup files, run games and interact with news, profiles and download pages offered by Valve, the company that operates the platform. Attackers, Auriemma and Ferrante said, can abuse specific Steam commands via steam:// URLs to inject attacks and run other malicious code on victim machines.
Keep in mind that fake antivirus software is software created to trick the user into “protecting their PC”, but which instead installs more malware or attempts to steal their identity or credit card details. This is also called a trojan program, which is a generic name for a program that is supposed to do one thing and appears to do so, but actually does the opposite in the background. All of these collectively are scams, and are dangerous to your identity.
Typically, fake antivirus software installs itself, usually by way of trojans that are distributed through plugin exploits, and begins scanning your computer for malware. As it is scanning, it may report non-existent threats. Sometimes, these fake antivirus programs install malware first and then detect it in the scanner. Once the scan is done, the program provides a list of results and tells you to upgrade in order to remove the threats. Usually, the upgrade costs money, and you’re required to pay in order to remove the threats found. Most of the time, the rogue programs will not allow you to uninstall them, at least until you pay. This is also called ransomware.
The following are variants of Fake Antivirus that Macs will see (in order of popularity of infection):