Microsoft Security Updates for August 2015

This week on Patch Tuesday, Microsoft released fourteen security bulletins, four of which are considered critical.

Systems affected include Windows, Internet Explorer, Office, Silverlight, Microsoft .NET Framework, Microsoft Lync, and Microsoft Server Software. Some of the fixes are for Windows 10, including its newest browser, Microsoft Edge. An attacker could run malicious code on an affected machine if a user visits a specially crafted webpage, gaining access at the level of the logged-in user.

Be sure to accept the updates as they occur, or go to the Windows Update site. You may need to restart your machine after installing patches.

Read the story in the news.

Adobe Security Patches Released so Far in July 2015

Adobe has posted multiple security advisories and updates for its products this month:

  • Adobe Flash Player: A Security Advisory (APSA15-03) was posted earlier this month regarding a critical vulnerability in Adobe Flash Player, affecting Windows, Macintosh and Linux. Adobe did take quick steps to fix the software. The details of the updates were posted in APSA15-16. A week later, another update was released via APSA15-18. To make sure you have the latest update, go to the About Flash Player page. If using Firefox, Flash may be disabled by default. If on Windows or Macintosh, you should be running version 18.0.0.209. If using Linux, you should be running version 11.2.202.491.
  • Adobe Acrobat and Reader: Adobe Acrobat X and XI and Reader X and XI have security updates (APSA15-15) for critical vulnerabilities. The latest version for Acrobat and Reader XI is 11.0.12 and for Acrobat and Reader X is 10.1.15.
  • Adobe Shockwave Player: A security update was released via a security bulletin (APSA15-17) for a vulnerability in Shockwave Player version 12.1.8.158 and earlier. The latest version of the player is version 12.1.9.159, available via the Shockwave Player Download Center.

In all cases, Adobe recommends users update their software to the latest versions. Read more about the Adobe Flash Player update in the news here.

Several big Internet players are calling for the retirement of Adobe Flash. Read that story in the news here.

Microsoft Security Updates for July 2015

On Patch Tuesday last week, Microsoft released 14 security bulletins (MS15-058, and MS15-065 through MS15-077) to address vulnerabilities in Microsoft products. Four of these are rated critical.

Systems affected include Microsoft Windows, Office, Internet Explorer and SQL Server. Read the story in the news (this article also includes more on the Adobe Flash issues mentioned above).

One of the critical bulletins, MS15-067, included a patch to address a remote code execution vulnerability in Remote Desktop (RDP).

To exploit the vulnerability, an attacker could send a specially crafted sequence of packets to a system running the RDP server service. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

RDP is heavily used throughout MIT and therefore IS&T recommends that patches be applied as soon as possible. If you have questions or need assistance, send email to the IS&T Help Desk or call 617.253.1101. You can also submit a request online.

Microsoft also released an out-of-band patch (MS15-078) this past Monday for all supported versions of Windows. It fixes a security bug in the way Windows handles custom fonts. The update is rated as critical.

Be sure to accept the updates as they occur, or go to the Windows Update site. You may need to restart your machine after installing patches.

Microsoft Security Updates for June 2015

On Patch Tuesday last week, Microsoft released eight security bulletins (MS15-056 through MS15-064). Two are labeled critical, but four address remote code execution vulnerabilities that an attacker could use to take control of a user’s machine.

Systems affected include Microsoft Windows, Internet Explorer, Microsoft Office and Microsoft Exchange Server. The security update for Internet Explorer fixes 24 vulnerabilities in the browser.

Be sure to accept the updates as they occur, or go to the Windows Update site. You may need to restart your machine after installing patches.

Read the story in the news.

Oracle Releases Patch for VENOM Vulnerability

Oracle has released a fix for a critical overflow vulnerability known as VENOM. The problem lies in QEMU’s virtual Floppy Disk Controller, which is part of some virtualization platforms and is used in certain Oracle products. Due to the severity of this vulnerability, Oracle strongly recommends that customers apply the updates provided by the Security Alert as soon as possible.

Read the Oracle Security Alert

Microsoft Security Updates for May 2015

Microsoft released 13 updates on May 12th, Security Bulletins MS15-043 through MS15-055, to address vulnerabilities in Microsoft Windows. Three are rated critical. Some of these vulnerabilities could allow elevation of privilege, denial of service, remote code execution, information disclosure, or security feature bypass.

All Windows operating systems are affected, as well as Microsoft Silverlight, Microsoft Office, Internet Explorer, and Microsoft SharePoint Server. It has been noted that the number of patches in this release brings the total number for the year to 53, the highest total through May of the past five years.

Patches are available via Windows Update.

Adobe Security Updates for Reader and Acrobat

This week Adobe released security updates for Adobe Reader and Acrobat for Windows and Macintosh. The updates patch 34 vulnerabilities in Acrobat X, Acrobat XI, Reader X and Reader XI that could potentially allow an attacker to take over the affected system.

Adobe recommends users update their product installations to the latest versions. Read the details in the Adobe Security Bulletin.