Busy Patchday: Updates for almost everything

Today seems to be administrators nightmare day: Not only Microsoft released the announced updates on the regular Patch Tuesday, but also Adobe for Reader and Flash Player and Google for the Chrome web browser. And even worse, this doesn’t make the computers 100 % secure again as security company TippingPoint yesterday released information about security vulnerabilities in plenty of products which aren’t fixed yet, offering new attack surface to cyber criminals. But let’s start from the beginning:

Just as announced last Friday, Microsoft released 12 updates which fix 22 security vulnerabilities in the Windows operating systems, Internet Explorer, Internet Information Services and Microsoft Office. In Office, information about still unfixed vulnerabilities have now been published by TippingPoint. Those have been announced to Microsoft 180 days ago – half a year. Still, as the freshly published updates fix some critical rated security vulnerabilities which allow cyber criminals to take control over a computer just by luring users into visiting infected websites, for example, the available updates should be installed as soon as possible!

In Adobe Reader and Acrobat the new version 10.0.1 (and 9.4.2 as well as 8.2.6, respectively) fix plenty of vulnerabilities – the security advisory lists 29 entries in the CVE database. The updates are already downloadable on Adobes website. Of course, these updates are urgent as well and should be applied ASAP!

Oops, and I nearly missed this one – also Flash Player gets updated. According to Adobe’s security advisory, it has 13 vulnerabilities fixed. As one of the most attacked components on the Internet, downloading and installing the new version immediately is a good idea, too!

And even Google did release freshened software – while Chrome 9 was just released end of last week, version 9.0.597.94 brings a new Flash Player 10.2 plug-in and fixes 5 security vulnerabilities. Of those, 3 are rated as being highly critical. The update gets installed automatically as usual, but to make sure to already use the most recent version, use the “About Chrome” menu entry to force the update to get downloaded and installed if necessary.

Dirk Knop
Technical Editor