Google Reader 379

Adobe, Microsoft Issue Critical Security Fixes
by Brian Krebs

Adobe and Microsoft today each issued software fixes to tackle dangerous security flaws in their products. If you use Acrobat, Adobe Reader or Windows, it’s time to patch.

MS Windows

Microsoft released seven security bulletins addressing at least eight vulnerabilities in Windows. The lone “critical” Microsoft patch addresses a pair of bugs in Windows Media Player. Microsoft warns that attackers could exploit these flaws to break into Windows systems without any help from users; the vulnerability could be triggered just by browsing to a site that hosts specially crafted video content.

The other Windows patches earned a less severe “important” rating from Microsoft, although not everyone agrees with that assessment. Symantec’s Joshua Talbot said another bug fixed today — a glitch in the way Windows handles Microsoft Office files — is potentially more dangerous because it appears to be easier to exploit than the Media Player flaw.

“The vulnerability is due to an oversight that allows an attacker to run malware as soon as a user opens a Word or PowerPoint file,” Talbot said. “Email attachments will probably be the most common attack method in which this vulnerability is exploited. As usual, we strongly recommend users only open email attachments from people they know.”

On Dec. 29, Microsoft issued an out-of-band update to address a flaw in ASP.Net that could allow an attacker to force a user to visit a malicious web site. The vulnerability affects all versions of the .NET Framework on Windows XP and later versions of Windows. If you use Windows see a .NET Framework patch awaiting your approval in Windows Update this month, don’t neglect it.

Adobe

In a separate release, Adobe pushed out security updates for Adobe Reader and Acrobat. At the forefront of the Adobe patch batch is a fix for a zero-day flaw in Acrobat and Reader that Adobe first warned about in early December. Shortly after that warning, Adobe issued a fix for the flaw in Reader 9.x and Acrobat 9.x, but said it would wait until today (its scheduled, quarterly update) to address it in the new Reader X and Acrobat X versions of the software. Adobe recommends that users of Adobe Reader X (10.1.1) and earlier versions for Windows and Macintosh update to Adobe Reader X (10.1.2). Updates are available for Windows and Mac versions of these titles; see the Adobe advisory for the patch download links.

As ever, if you experience any problems as a result of installing these updates, please drop a note in the comments below.

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: