Microsoft, Adobe 'flood' users with security patches



It will be a busy week for IT administrators and users of Microsoft’s Windows operating system and Adobe software, after both companies released a flood of security patches Wednesday (Manila time). Microsoft issued at least five security updates for this week’s Patch Tuesday, while Adobe released 13 software patches of its own. The five Microsoft updates include:

  • MS11-070: addressing a vulnerability in the Windows Internet Name Service (WINS) that could allow elevation of privileges.
  • MS11-071: addressing a vulnerability in Windows components that could allow remote code execution.
  • MS11-072: addressing vulnerabilities in Microsoft Excel that could allow remote code execution.
  • MS11-073: addressing vulnerabilities in Microsoft Office that could allow remote code execution.
  • MS11-074: addressing vulnerabilities in Microsoft SharePoint that could allow elevation of privilege.

On the other hand, Adobe made available security updates for its Reader and Acrobat software, and urged users to upgrade to the latest versions immediately. “Critical vulnerabilities have been identified in Adobe Reader X (10.1) and earlier versions for Windows and Macintosh, Adobe Reader 9.4.2 and earlier versions for UNIX, and Adobe Acrobat X (10.1) and earlier versions for Windows and Macintosh. These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system,” it said (http://www.adobe.com/support/security/bulletins/apsb11-24.html?PID=4165004). The 13 updates include:

  • Resolving a local privilege-escalation vulnerability (Adobe Reader X/10.x on Windows only)
  • Resolving a security bypass vulnerability that could lead to code execution
  • Resolving a buffer overflow vulnerability in the U3D TIFF Resource that could lead to code execution
  • Resolving a heap overflow vulnerability that could lead to code execution
  • Resolving a heap overflow vulnerability that could lead to code execution
  • Resolving a buffer overflow vulnerability that could lead to code execution
  • Resolving a heap overflow vulnerability in the Adobe image parsing library that could lead to code execution
  • Resolving a heap overflow vulnerability that could lead to code execution
  • Resolving three stack overflow vulnerabilities in the Adobe image parsing library that could lead to code execution
  • Resolving a memory leakage condition vulnerability that could lead to code execution
  • Resolving a use-after-free vulnerability that could lead to code execution
  • Resolving two stack overflow vulnerabilities in the CoolType.dll library that could lead to code execution
  • Resolving a logic error vulnerability that could lead to code execution.

Adobe added that the next quarterly security updates for Adobe Reader and Acrobat are currently scheduled for December 13. Meanwhile, Adobe said support for Adobe Reader 8.x and Acrobat 8.x for Windows and Macintosh will end on November 3. The affected Adobe software versions include:

  • Adobe Reader X (10.1) and earlier 10.x versions for Windows and Macintosh
  • Adobe Reader 9.4.5 and earlier 9.x versions for Windows, Macintosh and UNIX
  • Adobe Reader 8.3 and earlier 8.x versions for Windows and Macintosh
  • Adobe Acrobat X (10.1) and earlier 10.x versions for Windows and Macintosh
  • Adobe Acrobat 9.4.5 and earlier 9.x versions for Windows and Macintosh
  • Adobe Acrobat 8.3 and earlier 8.x versions for Windows and Macintosh

Adobe said its updates also incorporate the Adobe Flash Player updates as noted in Security Bulletin APSB11-21.

Meanwhile, a separate article on PC World noted that while none of the patches are rated critical, users are strongly urged to pay close attention.

“Despite the number of patches Microsoft issued today, it’s important to not let the out of band advisory Microsoft updated last week slip through the cracks. The advisory essentially revokes Microsoft’s trust of various DigiNotar certificates,” said Joshua Talbot, Security Intelligence Manager for Symantec Security Response.

Andrew Storms, Director of Security Operations for nCircle, concurs on the urgency of the DigiNotar trust revocation.

“Microsoft continues its effort to be vigilant about the DigiNotar certificates and is releasing another DigiNotar update. This time it is ‘nuking’ more certificates related to DigiNotar, specifically ones that were cross-signed by other certificate authorities. Anything and everything associated with DigiNotar is getting purged,” he said. — TJD, GMA News