Critical patches for Windows and Flash Player

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Flash and Windows
If you’re a user of Windows or Flash (and I would imagine that covers the vast majority of you) then it’s time to roll out the latest critical security patches, as Microsoft and Adobe have released updates to their software.

First up is Microsoft, who have released a bumper bundle of fixes as part of their regular “Patch Tuesday” cycle, issuing 14 bulletins to remedy 34 security holes in Windows, Internet Explorer, Microsoft Office, Silverlight, Microsoft XML Core Services and Server Message Block.

Eight of the bulletins have been Microsoft’s highest severity rating of “critical”, with the rest being labelled “important”.

The good news, as Chet Wisniewski explains, is that we haven’t yet seen any malware spreading by exploiting these vulnerabilities – but that may only be a matter of time.

Sign up to our free newsletter.
Security news, advice, and tips.

Separately, Microsoft has also issued an advisory about a zero-day vulnerability, which could allow untrusted code to run on a user’s machine by exploiting a weakness in the Windows Service Isolation feature.

Meanwhile, another platform commonly targeted by malicious hackers has been updated to defend against security vulnerabilities.

Adobe has identified critical vulnerabilities in Adobe Flash Player version 10.1.53.64 and earlier, and urged users to update their installations of Flash and Adobe Air.

If you’re not sure which version of the Adobe Flash Player you have installed, visit the About Flash Player page. Remember that if you use more than one browser on your computer you should check the version number on each.

By the way, be careful when installing a new version of Flash to think carefully about whether you also want to install McAfee Security Scan Plus. Adobe rather naughtily (in my humble opinion) defaults to having that box selected by default even though it’s not necessary if all you want to do is update Flash.

Adobe Flash update with unwanted McAfee

It would obviously be a good idea for everyone to update vulnerable computers as soon as possible.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.