Sticking to its regular monthly schedule, Microsoft has issued the latest security patches for a variety of its products, plugging 29 vulnerabilities in Windows and Internet Explorer.
A blog post from Microsoft’s Dustin Childs summarises the security bulletins, emphasising that patches for Windows Journal and Internet Explorer should be “top of your list”.
The most critical of the flaws could see your computer infected by malware if you visit a boobytrapped webpage using a vulnerable version of Internet Explorer, or for an attacker to run malicious code on your Windows PC if you open a poisoned Windows Journal file. Windows Journal is built into Windows Vista, Windows 7 and Windows 8.
If you’re finding it tricky to determine which of Microsoft security patches is relevant to your organisation, you may wish to try out the company’s free and recently-introduced myBulletins service which provides a simple customised dashboard view.
More details of Microsoft’s latest security advisories can be found in the official Microsoft Security Bulletin Summary for July 2014.
Adobe, meanwhile, has issued a critical security update for Adobe Flash Player addressing a variety of flaws, and mitigating against the so-called Rosetta Flash attack publicised by Google security researcher Michele Spagnuolo.
Less serious flaws have also been patched in Adobe AIR.
Further details are available in Adobe’s security bulletin APSB14-17.
Adobe says it is not aware of any exploitation of the flaws in the wild, but it always makes sense to keep your copies of Adobe products updated against newly-discovered vulnerabilities.
Users are advised to check that they are running the latest version of Adobe Flash – version 14.0.0.145 – on their Windows, Mac and Linux computers. Although Adobe Flash may be configured to automatically update on many users’ computers, some users have reported that it can sometimes take days before they a security update is rolled out to them.
For that reason, you may prefer to visit Adobe’s site directly to download the latest version.
You can check which version of Flash your computer is running by visiting this page on Adobe’s site.
if I've disable the Internet Explorer in Windows features do i still need to update the IE in windows update?
One word: Yes.
Elaboration: Besides the two points that I outline below (which is most important), many software developers rely on IE itself[1] as an interface. I know this was the case years ago and I can only assume it still is. While it is possible you would not be subjected to the flaws (based on how the software uses IE) it would be safest to update.
In general there's two things to consider:
1) If you aren't using it why have it installed? With WIndows I think you will need to have IE Installed. See my footnote below for further information.
2) It is vulnerable regardless of you disabling (or not using it). Patch it and remove all doubt (at least all doubt that can be removed with MS).
[1] I am an anti-MS, anti-Apple bigot. At least I admit it. The way MS made it a core component of Windows means the software that uses it might be doing what they should be doing. However, why any OS relies on a web browser is another question entirely (and a question I know that even if MS wanted to answer, they could not answer because it is a long time practice). OS's should have core components of course (as a way for the user to interact with the computer… it sort of is required), but why a web browser… is the question. Regardless, it's what they did and that is that – patch your system! It's the only sensible thing to do.