Patch now! Adobe and Microsoft push out critical security fixes

Microsoft and AdobeIt was the second Tuesday of the month yesterday, meaning that it was once again time for Microsoft to roll out its regular collection of security updates under the familiar moniker of “Patch Tuesday”.

The bundle of patches from Microsoft covers at least 23 documented vulnerabilities, and includes fixes for exploits that could be invoked in Microsoft Office, Microsoft Windows, the Microsoft .NET Framework and Microsoft Silverlight.

The worst of the Microsoft vulnerabilities have earned the highest severity level of “Critical”, and require no user interaction for a malicious attacker to run code on a victim’s computer.

One vulnerability, which many companies will certainly want to patch against, is the one detailed in MS12-029. If left unpatched, the vulnerability could allow remote code execution if a user opens a boobytrapped RTF file.

Sign up to our free newsletter.
Security news, advice, and tips.

Severity and exploitability graph from Microsoft

Windows UpdateAs always, you can read the interpretation of SophosLabs on the seriousness of the various Microsoft vulnerabilities on the vulnerabilities page.

Remember, if you don’t have auto-updating turned on, you can click the Windows Update icon on the Start Menu to download Microsoft security updates.

Separately, Adobe issued security bulletins yesterday related to Adobe Illustrator, Adobe Photoshop (CS5 and earlier), Adobe Flash Professional and Adobe Shockwave Player.

Any Windows or Mac computer user who still feels it’s necessary to run Adobe Shockwave Player is advised to update to the latest version (currently

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.