Microsoft, Adobe unleash flood of security updates

It is a light Patch Tuesday for Microsoft, but with 13 updates from Adobe as well IT admins could be in for a busy week.

Today is Patch Tuesday again. The ninth of the year already. Microsoft has released five new security bulletins, and Adobe has joined the party with some security patching of its own today. With all of the vulnerabilities and updates, though, you need to take a step back to prioritize and figure out which patches are most urgent.

Actually, today is a bit anti-climactic. Due to human error the full security bulletins were made public briefly on Friday, so there has already been a four-day heads up of what to expect. But, now that the security bulletins and associated patches are legitimately public, it's time to take a closer look.

Five security bulletins isn't the lightest month ever, but it is far fewer than some of the Patch Tuesday avalanches we have seen. What is even more unique is that none of the five security bulletins are rated as Critical. All five of the bulletins--MS11-070 through MS11-074--are all rated Important.

"Although none of this month's patches are rated critical, we strongly urge users to pay extra close attention to the Office Uninitialized Object Pointer Vulnerability," said Joshua Talbot, Security Intelligence Manager for Symantec Security Response. "It seems to be a fairly easy to exploit memory corruption issue and leverages extremely common Word files to attack users' computers."

Tyler Reguly, Technical Manager for Security Research and Development at nCircle, explains, " If you're prioritizing bulletins today, it's pretty simple: Excel (MS11-072) comes first, followed by the rest. Some of the more interesting patches (Sharepoint and WINS) only apply to certain software configurations."

Talbot also stresses, though, "Despite the number of patches Microsoft issued today, it's important to not let the out of band advisory Microsoft updated last week slip through the cracks. The advisory essentially revokes Microsoft's trust of various DigiNotar certificates."

Andrew Storms, Director of Security Operations for nCircle concurs on the urgency of the DigiNotar trust revocation. "Microsoft continues its effort to be vigilant about the DigiNotar certificates and is releasing another DigiNotar update. This time it is 'nuking' more certificates related to DigiNotar, specifically ones that were cross-signed by other certificate authorities. Anything and everything associated with DigiNotar is getting purged."

Symantec's Talbot urges, "This update should probably be kept at the top of IT admins' to-do lists--even before any of today's patches-- as there are attacks occurring in the wild leveraging the compromised certificates."

The Microsoft Patch Tuesday is overshadowed to some extent by Adobe's security patch release.

Storms cautions, "In what might be a first time event, Adobe released a batch of 13 CVE's early this morning before the Microsoft patch. It's a definitely improvement over their previous late afternoon releases, but it's still a 'classic' Adobe patch in that we have very little information about the bugs being fixed in the patch. The bad news is that most of them could result in the worst kind of security outcome--remote code execution."

Make sure you check out the patches released by Microsoft and Adobe today and apply the appropriate updates to protect your systems.

Tags patchesspamsymantecpatches & driversAdobe SystemssecurityvirusesMicrosoftphishingnetwork security

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Tony Bradley

PC World (US online)

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?