Tag Archive | Windows Update

April Security Updates: Critically Patching Windows, Flash Player, and Shockwave Player

vulnerability

As usual for Patch Tuesday, many security updates were issued. I’m here to provide all the details for these critical updates. Not only did Windows get patched, but Adobe Flash and Shockwave Players did too.

Microsoft released a span of nine patch bundles, plugging security holes in Windows and other products. Separately, Adobe did its usual thing, and took part in Patch Tuesday as well for updates to Adobe Flash and Shockwave Players.

A cumulative update was made to Internet Explorer, which fixed two critical vulnerabilities present in almost all versions of Internet Explorer (in history). It should be noted that this includes IE 9 and 10.

There were many other updates for Windows worth noting.

Either you will receive Automatic Updates, if you’ve set Windows up to do so. Otherwise, go to Start, search Windows Update. Or for Windows 8, search for Windows Update on the Start screen.

 

Other than that, Adobe brings an update to Adobe Flash Player for Windows and Mac to v. 11.7.700.169. Linux should be updated to 11.2.202.280. Android 4.x+: 11.1.115.54 and 2.x-3.x: 11.1.111.50.

Keep in mind that Google Chrome and Internet Explorer 10 (Windows 8) automatically update Flash Player on their own.

Shockwave Player should be updated as well to v. 12.0.0.122! For these updates, go to www.Adobe.com

You should be able to update to Adobe AIR, which will help secure your computer even further from vulnerability. If you have Adobe AIR installed, which is required for quite a few programs that are built on its architecture (such as Tweetdeck, Pandora Internet Radio, games, etc.). AIR should automatically prompt to update.

Urgent Security Fixes Issued for Windows, Adobe Flash Player & AIR

myupdates

Windows

The usual round of updates are in. As today is Patch Tuesday, Windows and Adobe Flash and Air were issued security updates. Microsoft had seven update bundles containing 20 total vulnerabilities in Windows and other Windows software. Adobe released updates for Flash and Air.

Microsoft had four critical patches, and three other updates. A total of seven today.

The critical patches address bugs in Windows, Internet Explorer, Microsoft Silverlight, Microsoft Office and Microsoft SharePoint. Updates are available for Windows XP, Vista, Windows 7, Windows 8, Windows Server 2003, 2008 and 2012.

Either you will receive Automatic Updates, if you’ve set Windows up to do so. Otherwise, go to Start, search Windows Update. Or for Windows 8, search for Windows Update on the Start screen.

Adobe Flash Player/AIR

Adobe has sent updates for Flash Player, now at 11.6.602.180. This is the version for Windows and Mac OS X based systems. Four security flaws were identified, which prompted this fix. No current attacks/exploits have been identified.

Keep in mind that Google Chrome and Internet Explorer 10 (Windows 8) automatically update Flash Player on their own. The update may not be issued for Chrome just yet, but should be soon, we hope.

If you have Adobe AIR installed, which is required for quite a few programs that are built on its architecture (such as Tweetdeck, Pandora Internet Radio, games, etc.). AIR should automatically prompt to update.

Here is the update table for Adobe Flash Player and AIR:

flash-air

 

Microsoft issues usual Patch Tuesday – November 2012 – includes Windows 8 & RT updates

Windows Updates

Microsoft has issued the usual Patch Tuesday round of updates, but this time – guess what? Windows 8 updates are included, as well as for RT. Isn’t that wonderful?

19 flaws have been fixed in this round of updates. All are being updated in six bulletins this month. These bulletins are listed as MS12-071 through MS12-076. Four are rated critical and two of them urgent.

Now, some have asked about Internet Explorer 10 being vulnerable yet…not at this time. It is not currently vulnerable to the current set of three related flaws in Internet Explorer 9.

However, a font parsing flaw has been found, which could affect Windows 8, as noted in CVE-2012-2897.

Here is a general CVE list of the latest vulnerabilities fixed in the current round:

Current Microsoft Security Bulletin Page

 

Fake Windows Update emails attempt to steal Yahoo!, Gmail, and Outlook mail passwords

It is now known that emails that apparently come from “privacy@microsoft.com” are fraudulent, especially if they involve subjects such as Microsoft Windows Update. Lately, there has been a rise in the email spam targeting vulnerable users of very popular companies, we reported about Chase bank.

The attack from the “privacy@microsoft.com” is an attempt to try to steal Yahoo!, Gmail, AOL, or Outlook.com (Windows Live formerly) passwords.

The body text:

Dear Windows User,
It has come to our attention that your Microsoft windows Installation records are out of date. Every Windows installation has to be tied to an email account for daily update.

This requires you to verify the Email Account. Failure to verify your records will result in account suspension. Click on the Verify button below and enter your login information on the following page to confirm your records.

VERIFY

Thank you,

Microsoft Windows Team.

To see an actual image, see the one from Naked Security.

More on this, see the post from Naked Security.

September Patch Tuesday 2012 updates

Here’s a small update to yesterday’s Patch Tuesday. Microsoft seemed to have only two critical fixes…

The first patch, MS12-061, applies to Microsoft Visual Studio Team Foundation Server. The other update, MS12-062, fixes a flaw in Microsoft Systems Management Server 2003 and Microsoft System Center Configuration Manager 2007.

Note to system administrators: Microsoft is urging you to test out the following update: KB2661254, which is an update to help mitigate the risks associated with the Flame malware. It won’t be released until October. But, it is available for testing purposes. It is best ot thicken your SSL certifications.

As for Adobe updates… The most important bulletin is APSB12-19 which fixes seven vulnerabilities in Flash Player. More details on that here.

 

Patch Tuesday This Month Was a Huge Hit!

Vulnerability

Patch Tuesday this month (June 2012) was quite a show of vulnerability patching.
From Microsoft Updates to Oracle Updates!

Oracle Updates

Java Standard Edition needed patched big time, Oracle notes. 14 vulnerabilities were found recently, which ensured the update. It is recommended to patch immediately from Java.com, because six of the vulnerabilities received the highest possible common vulnerability scoring system (CVSS) rating.

If 12 out of 14 vulnerabilities stay unpatched, they are remotely exploitable, which means they present a HUGE security risk!

This update addresses security vulnerabilities in the Java development kit (JDK) and runtime environment (JRE) version 7 update 4 and earlier, JDK and JRE version 6 update 32 and earlier, JDK and JRE update 35 and earlier, JDK and JRE 1.4.2 update 37 and earlier, and JavaFX 2.1 and earlier.

Oracle gives credit for reporting these vulnerabilities to Adam Gowdiak of Security Explorations, Andrei Costin of Secunia, Chris Ries of TippingPoint, and Clayton Smith of Entrust.

Microsoft Windows Updates

3 critical updates – 4 important updates = 7 total bulletins that were addressed.

Here is a rundown of the critical updates:

Overall, Patch Tuesday this time around was a huge hit.

Now, get to work on the updates:

Java.com

Windows Updates

 

%d bloggers like this: