Microsoft has issued security updates to fix at least four security holes in its Windows operating system and other software. Not exactly a fat Patch Tuesday from Microsoft, but depending on how agile you are in updating third-party applications like Flash, iTunes and Shockwave, you may have some additional patching to do.
One of the updates from Microsoft earned a “critical” rating, meaning Redmond believes it could be exploited to break into vulnerable systems with little to no help from users. That flaw, a bug in the way Windows Media Player and Media Center process certain types of media files, could be leveraged by convincing a user to open a tainted video file. This flaw affects Windows XP, Vista and Windows 7.
Microsoft has more details on and links to the other two patches — rated “important” — at its Security Response Center blog. The updates are available through Windows Update or via Automatic Update. The software giant chose not to address an Internet Explorer vulnerability that hackers have been exploiting since late January, although the company has issued a stopgap “FixIt” tool for that flaw.
In other news, Apple has released an update to iTunes that corrects more than 50 security vulnerabilities in the Windows version of this software. That patch bundle is available from Apple Downloads or via the Apple Software Update program that now comes bundled with iTunes and other Apple software for Windows.
I’m a bit behind in reporting on important updates to Adobe’s Flash and Shockwave players that fix a load of problems with these widely-installed software packages. The Flash update bumps the player up to version 10.2.152.26, and plugs at least 13 security holes on both Windows and Mac installations. To check which version you have installed, visit this page: There is a decent chance that Adobe’s built-in updater has already prompted you to update this program. If your version is lower than 10.2.152.26, it’s time to update.
Updates are available via Adobe’s Download Center or directly from this page. The latter option avoids Adobe’s obnoxious Download Manager, which may prompt you to install additional software that you don’t need or want. Remember that if you are using both Internet Explorer and a non-IE browser like Firefox or Opera, you will need to install Flash twice, once with the IE ActiveX installer, and again with your other browser. Google Chrome users should already have this version of Flash deployed (but do take a second to check this page to make sure you have the right version, just in case).
The critical Shockwave patch brings the player to version 220.127.116.110, and addresses at least 21 security holes in the program. But readers should check to see whether they even have this program installed before installing the latest version. If you visit this link and see a prompt to install Shockwave, then you don’t have the program. If you do have it installed, you should see a version number beneath the Shockwave icon. Updates are available for Windows and Mac versions of Shockwave.
Update, Mar. 9, 8:31 a.m. ET: It seems that many readers already have an even newer version of Flash installed, v. 10.2.152.32. I checked with Adobe, and they confirmed that this 10.2.152.32 is in fact the latest version, although it contains no additional security fixes. More information on the .32 update is available here.