[NPMUG] Microsoft user? Adobe user? Update your systems now ( Mac users are affected )

Dave Sevick dave at davesevick.com
Wed Oct 14 13:06:29 MDT 2009 

http://www.sophos.com/blogs/gc/g/2009/10/14/microsoft-user-adobe-user-update-systems/


Microsoft user? Adobe user? Update your systems now


As part of its regular "Patch Tuesday" cycle, Microsoft has released a  
number of fixes for a number of its widely deployed products to patch  
critical security vulnerabilities.

Eight of the critical patches, addressing vulnerabilities in Windows,  
Microsoft Office, Internet Explorer, Silverlight, SQL Server,  
Forefront, Visual Studio, and other products, aim to stop hackers dead  
in their tracks from launching malicious attacks remotely.

A further five of the patches are classified as "important."

In total, 34 security holes are fixed in what is Microsoft's largest  
ever bundle of Patch Tuesday security updates.

Microsoft's security response center has also released a chart,  
showing the severity of each vulnerability. "Red" means "critical" -  
in other words, that's as bad as thing gets.

So the amount of "red" you see below should be a good indication of  
how serious these vulnerabilities are. If any more underlining of the  
importance were necessary, bear in mind that functioning code which  
exploits some of the vulnerabilities addressed by Microsoft's patches  
has already been published.



You can learn much more about the patches in an advisory posted on  
Microsoft's website.

Meanwhile, Adobe has also issued advice regarding critical  
vulnerabilities in Adobe Reader and Adobe Acrobat.

Unlike the patches released by Microsoft, Adobe's fixes cover Windows,  
Apple Mac OS X, and Unix/Linux.

In total, the Adobe fixes patch a stonking 29 vulnerabilities. Sophos  
has already seen malware which exploits some of the vulnerabilities  
affecting the Adobe PDF file format.

Over on his blog, Chet has some interesting things to say about these  
latest patches - looking in greater detail at some of the  
vulnerabilities, and questioning whether Adobe could learn a thing or  
two from Microsoft when it comes to responding to flaws in their code.

Whether you agree with Chet or not, one thing is clear - if you're an  
affected Microsoft or Adobe user, you need to roll these patches out  
as a matter of priority.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://davesevick.com/pipermail/npmug/attachments/20091014/0d3721da/attachment-0002.htm 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ms-exploitability-oct09.jpg
Type: image/jpeg
Size: 35838 bytes
Desc: not available
Url : http://davesevick.com/pipermail/npmug/attachments/20091014/0d3721da/attachment-0001.jpg 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://davesevick.com/pipermail/npmug/attachments/20091014/0d3721da/attachment-0003.htm

More information about the NPMUG mailing list