December 2013 Security Updates from Microsoft



Today, Tuesday December 10, Microsoft is releasing eleven new security bulletins. Five of the bulletins are rated critical. Microsoft systems affected are:

  • Windows operating systems
  • Office
  • Lync
  • Internet Explorer
  • Exchange
  • Windows Server operating systems
  • Developer Tools

It is recommended to accept the updates. MIT WAUS subscribers will receive the updates after they have been tested for compatibility. Installing the bulletins manually may require a restart.

This is the last update of the year, finishing the 10th anniversary of Microsoft’s formalized process for security updates. Six of this month’s bulletins close potential remote code execution holes. All Windows platforms are affected, from XP to 8.1 and from Server 2003 to 2012. In addition, this month’s Internet Explorer update covers IE 6 through 11.

Adobe Releases Security Updates for Flash, ColdFusion

Adobe has released security updates for Flash Player and ColdFusion to address four vulnerabilities. The Flash update is available for Windows, Mac, and Linux. According to Adobe, the updates are not related to the recent theft of ColdFusion source code.

Read the full article online.

Why Patch a Mac?

According to ZDNet, this has been a fairly busy security update season for Mac users. In fact, they say, Mac users have a lot more work to do to keep their systems safe.

There have been patches for the operating systems, for Safari for Mac, and for Java and Adobe vulnerabilities: quite a long list compared to previous years.

There really are attacks out there against Macs which exploit vulnerabilities, so accepting and installing these patches is important.

Read the story online.

Oracle Security Patches Released

Last week Oracle released its security update for June 2013, which comprises 40 security updates, with 37 of them addressing vulnerabilities that lead to malware execution. Among the updates is one that fixes a vulnerability found in Javadoc.

Javadoc is a tool that generates frames for online documentation web apps. However, there is a vulnerability in how Javadoc interprets user-supplied frames, leaving it vulnerable to frame injection when hosted on a web server. When output from the vulnerable version is placed on a webpage, a user who clicks into the frame can be sent to a malicious redirection.

The other updates address vulnerabilities in:

  • JDK and JRE 7, 6 and 5.0
  • JavaFX 2.2.21 and earlier

NOTE TO MIT USERS: Before installing Java updates to a computer in the MIT environment, please review this article: Which Java version should I install?

Oracle Updates Java

Oracle has released a critical patch update for Java Standard Edition (SE). Oracle recommends that customers apply the fixes as soon as possible. Release Java SE 7u21 includes 42 new and important security fixes.

Oracle has two products that implement Java SE: Java SE Development Kit (JDK) 7 and Java SE Runtime Environment (JRE) 7. JDK 7 is a superset of JRE 7 and contains everything that is in JRE 7, plus tools such as the compilers and debuggers necessary for developing applets and applications.

Users running Java SE with a browser can download the latest release here. Users on the Windows and Mac OS X platforms can also use automatic updates to get the latest release.

Java 8 may be delayed while Oracle works out these issues with Java 7. The release group’s focus suggests they will be releasing a stable, polished version of Java 8. The scheduled date for Java 8 is June 18, 2013.

In related Java news, Apple’s most recent update for Safari includes functionality that allows users to decide whether to enable the Java plug-in on a site-by-site basis. The new feature is available for the latest versions of Safari 5 and 6. Apple has also released an update for the Java browser plug-in that addresses 21 vulnerabilities in the browser and in Java.

Microsoft Security Updates for April 2013

Today, April 9th, Microsoft is planning to release nine new security bulletins: two are rated critical and seven are rated important. Restarts may be required for these patches, and they will affect the following software:

  • Internet Explorer
  • Microsoft Windows
  • Microsoft SharePoint Server
  • Microsoft Office
  • Windows Defender for Windows 8 and RT

The updates will be available from the Windows Update tool, the Windows Server Update Services or the Download Center. Microsoft will also release an updated version of the Microsoft Windows Malicious Software Removal Tool. MIT WAUS subscribers will receive the updates as soon as they have been tested and released.

Still on Windows XP? Be Prepared to Migrate.

Are you prepared for the de-support of Windows XP? Microsoft support for Windows XP is ending April 8, 2014, and users running the operating system after support ends will not receive security updates for Windows. Why are security updates important?

IS&T now provides and supports Windows 7 in full and offers limited support for the business-class versions of Windows 8 (including Pro and Enterprise). The IS&T Software Grid shows which versions are available for download.

There are known issues running some software on Windows 8 machines, so if you rely on an application that is not yet fully compatible with Windows 8, you should hold off on upgrading or purchasing a new machine with Windows 8. Until software vendors have released versions of their applications that are compatible with Windows 8, IS&T will be unable to support them.

