New Security Updates from Adobe

August 10, 2010

Adobe Systems, not to be left out of this month’s patch-fest, has issued several security updates for its software products.  For most users, the significant update is for Adobe’s Flash Player; versions 10.1.53.64 and earlier are affected.  The player is very widely installed; it is the media player primarily used by sites such as YouTube.  The vulnerability addressed by the patch is rated Critical by Adobe; further details are in the Security Bulletin.   The new version, 10.1.82.76, can be downloaded, for all platforms (Mac OS X, Linux, Windows, Solaris) from the Flash Player Download Center. Windows users should note that there is one version for use with Internet Explorer, and another for use with other browsers; this means that if you use both Internet Explorer and Firefox, for example, you need both updates.

Similarly, the Adobe AIR product, versions 2.0.2.x and earlier, needs to be patched for this same vulnerability; the new version, 2.0.3, can be downloaded here.

Adobe also released security updates for two other products.  One hotfix update is for ColdFusion and is rated Important; the details are here.   The other, rated Critical, is for Flash Media Server; the Security Bulletin has the details.

If you have Flash Player installed (and most of you do), I recommend that you install the relevant updates as soon as you can.  Because the player is supported on multiple platforms, and is very widely installed, it is a very tempting target for the Bad Guys.


Microsoft Security Patches, August 2010

August 10, 2010

Microsoft today released its normal monthly batch of security fixes.  A total of 15 patches are included in this month’s Security Bulletin Summary.   One of these, MS10-046, is the same patch that was released out-of-band on August 2.  The remaining 14 bulletins are new, and collectively address 31 separate  vulnerabilities.   Nine of the bulletins affect Windows itself or its components; every supported Windows version has at least two vulnerabilities rated Critical.   (A breakdown of severity rating by version is given in my preview post for this month.)   There are two bulletins that affect Microsoft Office, one rated Critical, and one for Microsoft Silverlight.  Microsoft also rates many of these vulnerabilities as very likely to be exploited.

All of these patches should be available from Windows Update; alternatively, there are download links in the Security Bulletin Summary.

The SANS Internet Storm Center has posted their usual monthly summary of the released patches.

I recommend installing these patches as soon as you conveniently can.


%d bloggers like this: