Microsoft's patches address at least 31 vulnerabilities, half of which are deemed "critical". Photo: Bloomberg
Adobe and Microsoft have issued patches to fix critical security flaws in their software. Microsoft's February Patch includes seven patch bundles addressing at least 31 vulnerabilities in Windows and related software. Adobe pushed out an update that fixes two critical bugs in its Shockwave Player.
More than half of the updates issued by Microsoft on Tuesday earned a "critical" rating – Microsoft's most dire. That rating is assigned to vulnerabilities that can be exploited by malware or malcontents to take complete, remote control over vulnerable systems – with no help from users.
Microsoft is urging Windows users to apply all of the available fixes, but for those who need to prioritise patches (organisations that typically test patches before deploying them enterprise-wide), the company places a special focus on MS14-007, a graphics vulnerability in Windows 7, 8, 8.1 and Windows Server 2007, 2012 and Windows RT.
The cumulative, critical security update for all versions of Internet Explorer (MS14-010) fixes two dozen vulnerabilities, including one that Microsoft says has already been publicly disclosed. The other patch that Microsoft specifically called out, MS14-011, addresses a vulnerability in VBScript that could cause problems for IE users.
Microsoft is once again encouraging Windows users who haven't already done so to consider installing and using its Enhanced Mitigation Experience Toolkit (EMET), a free tool that can help to significantly beef up the security of third-party applications that run on top of Windows. I would second their recommendation, and have reviewed EMET 4.0. The latest version, 4.1, requires Microsoft's .NET Framework 4 platform.
Speaking of .NET, this month's update includes a comprehensive patch for the .NET Framework; experience has taught me to install these separately from other Windows patches, then reboot and install any .NET updates. I've run into trouble in the past trying to install .NET updates alongside lots of other simultaneously, but your mileage may vary.
For more on today's Microsoft patches, check out the Microsoft Security Response Centre blog, as well as Qualys' take on the updates.
Separately, Adobe has issued a critical patch for its Shockwave player, which fixes two flaws and brings Shockwave to v. 12.0.9.149 on Mac and Windows systems.
If you visit this link and see a short animation, it should tell you which version of Shockwave you have installed. If it prompts you to download Shockwave, then you don't have Shockwave installed and in all likelihood don't need it. Firefox users should note that the presence of the "Shockwave Flash" plugin listed in the Firefox add-ons section denotes an installation of Adobe Flash Player plugin – not Adobe Shockwave.
via Technology - Google News http://ift.tt/1g4Nsjk
Put the internet to work for you.
0 comments:
Post a Comment