October 11, 2011

Microsoft and Apple today released security updates to fix a slew of critical security problems in their software. Microsoft’s patch batch fixes at least 23 vulnerabilities in Windows and other Microsoft products. Apple’s update addresses more than 75 security flaws in the Windows versions of iTunes.

Nine of the 23 flaws Microsoft fixed with patches today are rated “critical,” meaning attackers could exploit them to break into vulnerable systems with little or no help from users. Eight of the nine critical bugs are in Internet Explorer. The remaining critical flaw is corrected in an update for the .NET Framework. Three of the vulnerabilities fixed with these updates were disclosed publicly prior to today, including a flaw in Windows Media Center that Microsoft believes crooks are likely to soon figure out how to reliably exploit.

The iTunes update brings the music player software to version 10.5, and is available for Microsoft systems running Windows 7, Vista, XP SP2 and later. Two new features of iTunes deserve mentioning: Apple says iPhone and iPad users who upgrade to iOS 5 when it is released later this week will be able to sync with iTunes wirelessly. More importantly from an update perspective, Apple has at long last untethered iTunes from QuickTime.

Users can download the update by opening iTunes; if you’re not directed to download iTunes 10.5 when you start the program, click “Help,” and then “Check for Updates.” Some OS X users may be wondering how many of these flaws exist in the Mac version of iTunes. According to the SANS Internet Storm Center, Mac users can expect some of these problems to be fixed in Security Update 2011-006 and in OS X Lion v. 10.7.2. For the time being, however, neither of those updates appear to have been released.

The latest Windows patches are available through Windows Update or via Automatic Update. As always, please drop a note in the comments section if you experience any problems during or after the installation of these patches.