Another Patch Tuesday, means another round of security updates from Microsoft and Adobe, designed to fix critical vulnerabilities in their software.
First up for inspection is Microsoft, which issued (a low by its usual standards) four patches – two deemed “critical” and two ranked “important”, but all capable of allowing a malicious attacker to remotely execute code if successfully exploited.
This Patch Tuesday is making more headlines for Microsoft users than normal, because it is the very last time that Redmond will be issuing patches for Office 2003 and Windows XP.
The update which is probably most essential to patch as soon as possible is MS14-017, as one of the vulnerabilities it addresses is currently being actively exploited by malicious attackers in the wild, and means that simply previewing a message in Outlook could lead to computers becoming infected.
A cumulative patch for Internet Explorer (MS14-018) has also been ranked “critical”, and addresses six different vulnerabilities which could be exploited by remote hackers to run malicious code. The patch is said to be required by all versions of Internet Explorer except IE10.
More information about the patches can be found in Microsoft’s blog post.
Of course, it’s not just Microsoft customers who need to make sure they are downloading the latest patches every second Tuesday of each month. Adobe users should be ready for action as well, as the company typically times its scheduled security updates with Redmond.
This time around Adobe has fixed a number of critical vulnerabilities in Flash, which – it says – have not been seen exploited in the wild as yet. Clearly, it’s important that things remain that way – so users are advised to update to Flash version 220.127.116.11 on their Windows, Mac and Linux systems.
Users of Adobe Air, which is used by some desktop products, should also be kept updated. The latest version is 18.104.22.168.
As always, if grabbing a new version of Adobe Flash from the company’s website be careful not to be tricked into also downloading third-party software like McAfee Security Scan.
It’s a cheap and dirty trick, and companies like Adobe (and indeed McAfee) should know better than to endorse it.