Microsoft is going to make available another large set of product updates on Patch Tuesday, 14 June. These are all rated 'Critical' or 'Important' and will affect all major platforms - XP, Vista, Windows 7, Windows Server - and ALL supported versions of Internet Explorer. There will also be a new release of Microsoft's Malicious Software Removal Tool at the same time. After installation of these patches (aka bug fixes) you will need to restart your PC.
For full details see the Microsoft Security Bulletin Advance Notification for June 2011
On the same day Adobe is releasing updates for Adobe Reader X and Adobe Reader 9.4.3 (and earlier) for Windows and Mac, and Adobe Acrobat X and Acrobat 9.4.3 (and earlier) for both platforms. These are Critical updates, and come a week after the emergency out-of-sequence updates for Flash.
For more details see the Adobe Product Security Incident Response Team (PSIRT) Blog.
Users with Microsoft Automatic Updates will receive the Microsoft updates automatically; they can also be downloaded from the Microsoft Update site.
The increasing frequency of software patches from major vendors to fix critical security flaws means that those users who do not regularly check security websites or forums for news of vulnerabilities and updates are going to be increasingly vulnerable to malware attacks exploiting these security flaws. According to Microsoft many of the PC infections reported to them are caused by users whose third-party software has not been updated for up to two years. If McAfee offered a program to keep users' installed software up to date (as Chrome does, for its third-party plug-ins) their exposure to malware infection would be much reduced.Message was edited by: Hayton on 11/06/11 18:40:10 IST
The Microsoft updates are upon us, and they're an impressively (or depressingly) large package, as predicted.
I haven't yet checked for the Adobe Reader updates, but I see that there is yet another update available for Flash. The current version for all browsers and platforms is now 10.3.181.26
Edit - Oh, and there's a new version of Chrome out today - version is now 12.0.742.100
Edit - And updates for a whole range of add-ons in Firefox 4, including NoScript. It's a busy day today.
Happy Patch Tuesday/Wednesday everyone.
Message was edited by: Hayton on 15/06/11 12:22:26 ISTMessage was edited by: Hayton on 15/06/11 14:07:19 IST
The early indications from Adobe were that there would be updates only for Acrobat and Reader. In fact, as Newjack has pointed out, there is yet another Critical Severity update for Flash - and that's not all. A check on the Adobe site shows updates out today for other Adobe products, including Shockwave and ColdFusion. ALL of these are rated Important or Critical, so update now.
"Java Patch Plugs 17 Security Holes"
I posted that one on June 8th.
This is why we need a tool like Secunia's built in to McAfee.
And on the subject of Secunia I posted a comment in Product Ideas which I will reproduce here :
Two days ago on the BBC World Service News I heard an interview with Kevin Mitnick (hacker-turned-security consultant and media guru) about the latest corporate victim of hacking in which he recommended, to millions of listeners, that they should install Secunia PSI on their PCs to help guard against malware attacks. That should raise the awareness level, at least among his listeners. I think there is a latent demand for this feature. It would at least be a selling point for the Marketing department.