Adobe and Oracle Release Critical Updates

Adobe released a fix for a zero-day bug in Adobe Flash Player for Windows and Mac. Users should update to Adobe Flash Player 17.0.0.169. If you are unsure whether your browser has Flash installed or what version it may be running, go to Adobe’s Flash Player page. Internet Explorer on Windows 8 and Chrome should automatically update.

Oracle’s quarterly critical patch update plugs 15 security holes in Java 8. If you have Java installed and use it for specific websites or applications, update as soon as possible. Windows users can check for the program in the Add/Remove Programs listing or visit Java.com and click the “Do I have Java?” link on the home page. Note that Oracle will be ending support for Java 7 after this update of Java 8 (Update 45).

Read the full story at Krebs on Security.

Adobe Updates Flash Player

Adobe has released an update for its Flash Player that addresses at least 11 separate vulnerabilities. The most current version of Flash for Windows and Mac is now 17.0.0.134; Flash on Google Chrome and Internet Explorer on Windows 8.x should be updated automatically; Linux users are advised to update to version 11.2.202.451. Find out if you have the latest version of Flash installed on your browser.

Read the story at Krebs on Security.

Google and Microsoft Miscommunication?

Google’s Project Zero posted details of a vulnerability in Windows 8.1 after waiting for Microsoft to respond, to no avail, for 90 days. Once a vulnerability is public knowledge, it can be abused by attackers. Microsoft criticized Google for publicizing the flaw too early, saying the company had put Windows customers at risk.

According to Microsoft, it had specifically asked Google to withhold details of the flaw until January 13, Patch Tuesday, when the fix would be released. Microsoft patched two Windows vulnerabilities that were exposed by Google in MS15-001 and MS15-003.

With adherence to its 90-day policy, Google disclosed two additional vulnerabilities after last week Tuesday’s patches were released. One of them does not appear to be a security issue. The next Patch Tuesday is scheduled for February 10, when presumably the more serious of the two vulnerabilities will be patched.

Mozilla Releases Firefox 34

This week Mozilla released Firefox 34.0.5. Users of this browser will notice that the default search engine in Firefox 34 is Yahoo, rather than Google. Also included in this version are an improved search bar, and the launch of WebIDE (the replacement for App Manager). SSL 3.0 support has been removed from this update due to known security issues.

Read the Notes for Firefox 34.0.5

Adobe Releases Flash Player Update, Delays Reader and Acrobat Fixes

Last week, Adobe released an update for Flash to address a dozen critical flaws. Chrome and IE 11 users will find their versions of Flash automatically updated.  You can see which version you have installed here, or download Adobe Flash Player here.

Fixes for flaws in Reader and Acrobat that had been scheduled to be released last week are delayed until this week so Adobe can conduct further testing.

Read the full story in the news.

Microsoft Security Updates for September 2014

Microsoft is planning to release four updates this Tuesday, September 9, to address various flaws. On the same date Microsoft is also planning to release a new security feature for Internet Explorer (IE), called out-of-date ActiveX control blocking and a new version of the Windows Malicious Software Removal Tool.

Affected software being updated includes Windows, IE (rated critical) and Lync Server.

Read the full story in the news.

December 2013 Security Updates from Microsoft

MSFT_logo_png

 

Today, Tuesday December 10, Microsoft is releasing eleven new security bulletins. Five of the bulletins are rated critical. Microsoft systems affected are:

  • Windows operating systems
  • Office
  • Lync
  • Internet Explorer
  • Exchange
  • Windows Server operating systems
  • Developer Tools

It is recommended to accept the updates. MIT WAUS subscribers will receive the updates after they have been tested for compatibility. Installing the bulletins manually may require a restart.

This is the last update of the year, finishing the 10th anniversary of Microsoft’s formularized process for security updates. Six of this month’s bulletins close potential remote code execution holes. All Windows platforms are affected, from XP to 8.1 and from Server 2003 to 2012. In addition, this month’s Internet Explorer update covers IE 6 through 11.

Follow

Get every new post delivered to your Inbox.

Join 74 other followers