Tag Archive | Patch Tuesday

April Security Updates: Critically Patching Windows, Flash Player, and Shockwave Player

As usual for Patch Tuesday, many security updates were issued. I’m here to provide all the details for these critical updates. Not only did Windows get patched, but Adobe Flash and Shockwave Players did too.

Microsoft released a span of nine patch bundles, plugging security holes in Windows and other products. Separately, Adobe did its usual thing, and took part in Patch Tuesday as well for updates to Adobe Flash and Shockwave Players.

A cumulative update was made to Internet Explorer, which fixed two critical vulnerabilities present in almost all versions of Internet Explorer (in history). It should be noted that this includes IE 9 and 10.

There were many other updates for Windows worth noting.

Either you will receive Automatic Updates, if you’ve set Windows up to do so. Otherwise, go to Start, search Windows Update. Or for Windows 8, search for Windows Update on the Start screen.

 

Other than that, Adobe brings an update to Adobe Flash Player for Windows and Mac to v. 11.7.700.169. Linux should be updated to 11.2.202.280. Android 4.x+: 11.1.115.54 and 2.x-3.x: 11.1.111.50.

Keep in mind that Google Chrome and Internet Explorer 10 (Windows 8) automatically update Flash Player on their own.

Shockwave Player should be updated as well to v. 12.0.0.122! For these updates, go to www.Adobe.com

You should be able to update to Adobe AIR, which will help secure your computer even further from vulnerability. If you have Adobe AIR installed, which is required for quite a few programs that are built on its architecture (such as Tweetdeck, Pandora Internet Radio, games, etc.). AIR should automatically prompt to update.

Urgent Security Fixes Issued for Windows, Adobe Flash Player & AIR

Windows

The usual round of updates are in. As today is Patch Tuesday, Windows and Adobe Flash and Air were issued security updates. Microsoft had seven update bundles containing 20 total vulnerabilities in Windows and other Windows software. Adobe released updates for Flash and Air.

Microsoft had four critical patches, and three other updates. A total of seven today.

The critical patches address bugs in Windows, Internet Explorer, Microsoft Silverlight, Microsoft Office and Microsoft SharePoint. Updates are available for Windows XP, Vista, Windows 7, Windows 8, Windows Server 2003, 2008 and 2012.

Either you will receive Automatic Updates, if you’ve set Windows up to do so. Otherwise, go to Start, search Windows Update. Or for Windows 8, search for Windows Update on the Start screen.

Adobe Flash Player/AIR

Adobe has sent updates for Flash Player, now at 11.6.602.180. This is the version for Windows and Mac OS X based systems. Four security flaws were identified, which prompted this fix. No current attacks/exploits have been identified.

Keep in mind that Google Chrome and Internet Explorer 10 (Windows 8) automatically update Flash Player on their own. The update may not be issued for Chrome just yet, but should be soon, we hope.

If you have Adobe AIR installed, which is required for quite a few programs that are built on its architecture (such as Tweetdeck, Pandora Internet Radio, games, etc.). AIR should automatically prompt to update.

Here is the update table for Adobe Flash Player and AIR:

flash-air

 

Patch Tuesday: A Fat One After All! Windows, Adobe Updates Galore!

Microsoft and Adobe have issued their round of updates today, as of 1 PM EST. The below details what was fixed.

First, Microsoft…Five of the 12 patches Microsoft released today earned “critical” acclaim. This means that attackers could exploit such vulnerabilities at any time.

Some of the vulnerabilities include: Windows implementation of Vector Markup Language (VML), Microsoft Exchange, and flaws in the way Windows handles certain media files. The remaining (critical) patch fixes a flaw only on Windows XP systems.

In today’s update, a patch for .NET may be included. This should be installed separately for best results. Install all other updates, and then do the .NET patch. This seems to be the  best plan.

Adobe fixes Flash and Shockwave Players:

APSB13-05 tells about the fixes for CVE-2013-1372, CVE-2013-0645, CVE-2013-1373, CVE-2013-1369, CVE-2013-1370, CVE-2013-1366, CVE-2013-0649, CVE-2013-1365, CVE-2013-1374, CVE-2013-1368, CVE-2013-0642, CVE-2013-0644, CVE-2013-0647, CVE-2013-1367, CVE-2013-0639, CVE-2013-0638 and CVE-2013-0637. The fixes are for Flash Player, AIR and AIR SDK.

APSB13-06 tells about the fixes for CVE-2012-0613 and CVE-2012-0636 in the Shockwave Player.

Here are the new versions:

Flash Player

Windows, 11.6.602.168

Mac, 11.6.602.167

Linux, 11.2.202.270

Android 4.x, 11.1.115.47

Android 2.x-3.x, 11.1.111.43
Adobe AIR

Windows, Mac, & Android, 3.6.0.597
Adobe AIR SDK

Windows, Mac, & Android, 3.6.0.599

Adobe AIR Update Link

Google pushed out today it’s channel update for Chrome for Flash Player.

57 Security Fixes Being Prepped by Microsoft for Tuesday!

Patch Tuesday is approaching in a few days with 57 security fixes by Microsoft. The company detailed the fixes in its latest security bulletin.

According to Microsoft, every version, 6-10, of Internet Explorer needs to be patched! They are all vulnerable to drive-by exploit attacks. A simple boobytrapped webpage can lay out many victims in its path with this vulnerability.

Five of the twelve updates are given the title of “critical”. Some of the updates are for Windows, Server, Office, and .NET Framework. These patches are set to be released on February 12th at 1:00 PM EST.

Adobe’s Patch Tuesday for Acrobat/Reader – ColdFusion Problems

Adobe will release a round of updates on Patch Tuesday (as usual). This month, Patch Tuesday (which involves Microsoft and Adobe, sometimes Oracle) will be on January 8. It’s first updates involve vulnerabilities in Reader and Acrobat products, while the other issues involve ColdFusion vulnerabilities.

“Adobe is aware of reports of security issues in ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX that are being exploited in the wild. We are currently evaluating the reports and plan to issue a security advisory as soon as we have determined mitigation guidance for ColdFusion customers and a timeline for a fix,” said Adobe’s Wendy Poland in an advisory posted January 3.

From the good news side of things, none of these vulnerabilities are being actively exploited in the wild. But, let’s not get too hasty to underestimate threats. Make sure to get patched on Tuesday!

Vulnerabilities in Adobe Reader and Acrobat versions 11.0.0 and earlier are going to be patched next week.

Last month, there were issues in Flash Player and ColdFusion. Looks like these are favorites of hackers as of late.

Protect yourself from vulnerabilities with Kaspersky ONE Security, one good price ($79.95) per year for awesome protection.

December Patches are in: Microsoft and Adobe have updates ready for Black Tuesday

Well it’s Patch Tuesday, or what some people call “Black” Tuesday.

Seven security bulletins were released for Microsoft products, which were about 11-12 vulnerabilities at least being patched. Could be more on some systems.

Current bulletins for this round:

  1. MS12-077 Cumulative Security Update for Internet Explorer
  2. MS12-078 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution
  3. MS12-079 Vulnerability in Microsoft Word Could Allow Remote Code Execution
  4. MS12-080 Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution
  5. MS12-081 Vulnerability in Windows File Handling Component Could Allow Remote Code Execution
  6. MS12-082 Vulnerability in DirectPlay Could Allow Remote Code Execution
  7. MS12-083 Vulnerability in IP-HTTPS Component Could Allow Security Feature Bypass

(Key: ImportantCritical)

For the December Adobe Updates…The updates are for Adobe Flash Player 11.5.502.110 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.251 and earlier versions for Linux, Adobe Flash Player 11.1.115.27 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.24 and earlier versions for Android 3.x and 2.x, Adobe said.

The three updates fix a buffer overflow vulnerability, integer overflow vulnerability and a memory corruption vulnerability, all three of which could lead to code execution, Adobe also said.

There is also a security hotfix available to fix misc. vulnerabilities in ColdFusion. Get updates for Adobe products at Adobe.com.

Stay protected from vulnerabilities entirely and get $30 off this month for Kaspersky products: Kaspersky E-Store

Microsoft issues usual Patch Tuesday – November 2012 – includes Windows 8 & RT updates

Microsoft has issued the usual Patch Tuesday round of updates, but this time – guess what? Windows 8 updates are included, as well as for RT. Isn’t that wonderful?

19 flaws have been fixed in this round of updates. All are being updated in six bulletins this month. These bulletins are listed as MS12-071 through MS12-076. Four are rated critical and two of them urgent.

Now, some have asked about Internet Explorer 10 being vulnerable yet…not at this time. It is not currently vulnerable to the current set of three related flaws in Internet Explorer 9.

However, a font parsing flaw has been found, which could affect Windows 8, as noted in CVE-2012-2897.

Here is a general CVE list of the latest vulnerabilities fixed in the current round:

Current Microsoft Security Bulletin Page

 

%d bloggers like this: