«
»

Microsoft, Adobe Push Critical Security Updates

Microsoft and Adobe each released updates to fix critical security holes in their software. Microsoft’s patch batch tackles at least 33 vulnerabilities in Windows and other products, including a fix for a zero-day vulnerability in Internet Explorer 8 that attackers have been exploiting. Separately, Adobe pushed security updates for Flash Player, Adobe Reader, Acrobat and Adobe AIR.

Microsoft’s Patch Tuesday bundle includes two separate updates for Internet Explorer; the first (MS13-037) is a cumulative update for Internet Explorer. The second is a fix (MS13-038) specifically for a critical bug in IE 8 that miscreants and malware have been using to break into windows computers. Other, slightly less severe holes were fixed in Microsoft PublisherWordVisio and Windows Essentials.

Last week, Microsoft released a stop gap fix it tool to help blunt the threat from the IE8 zero-day flaw. If you installed that interim fix, Microsoft recommends taking a moment to disable it before applying today’s patches.

As it usually does on Microsoft’s Patch Tuesday, Adobe used the occasion to push its own security updates. A new version of Flash (v. 11.7.700.202 for Mac and Windows systems) fixes 13 vulnerabilities.  IE 10 and Google Chrome automatically update themselves to fix Flash flaws. This link should tell you which version of Flash your browser has installed. If your version of Chrome is not yet updated to v. 11.7.700.202, you may need to just restart the browser.

The most recent versions of Flash are available from the Adobe download center, but beware potentially unwanted add-ons, like McAfee Security Scan). To avoid this, uncheck the pre-checked box before downloading, or grab your OS-specific Flash download from here. Windows users who browse the Web with anything other than Internet Explorer will need to apply this patch twice, once with IE and again using the alternative browser (FirefoxOpera, e.g.).

In addition, Adode AIR (required by some applications like Pandora Desktop, for example) was updated to v. 3.7.0.1860. Also, Adobe has released new versions of Adobe Reader and Acrobat that fix at least 27 security holes in these products. See this link for more detail on those patches. Adobe said it is not aware of any active exploits or attacks in the wild targeting any of the issues addressed in these updates.

This entry was posted on May 16, 2013 at 6:02 pm and is filed under Information, Software, Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a comment