May 8, 2012

Adobe and Microsoft today each issued updates to address critical security flaws in their software. Adobe’s patch plugs at least five holes in its Shockwave Player, while Microsoft has released a bundle of seven updates to correct 23 vulnerabilities in Windows and other products.

Microsoft’s May patch batch includes fixes for vulnerabilities that could be exploited via Web browsing, file-sharing, or email. Eight of the 23 flaws earned Microsoft’s “critical” rating, meaning no user interaction is required for vulnerable systems to be hacked. At least three of the flaws were publicly disclosed before today.

According to Microsoft, two of the updates are the most dire: The first addresses a critical flaw in Microsoft Word (MS12-029); the second is an unusually ambitious update that addresses flaws present in Microsoft Office, Windows, .NET Framework and Silverlight. In a blog post published today, Microsoft explained why it chose to patch these seemingly disparate products all in one go. The short version is that Microsoft is addressing the ghost of Duqu, a sophisticated malware family discovered last year that was designed to attack industrial control systems and is thought to be related to the infamous Stuxnet worm. A patch Microsoft issued last year addressed the underlying Windows vulnerability exploited by Duqu, but the company found that the same vulnerable code resided in a slew of other Microsoft applications.

Separately, Adobe has issued an update for its Shockwave Player. Adobe recommends that users of Adobe Shockwave Player 11.6.4.634 and earlier for Windows and Macintosh update to Adobe Shockwave Player 11.6.5.635. Fixes are available for Windows and Mac systems, from this link. Windows users can tell if they have Shockwave installed by checking for an entry for the program in the Add/Remove Programs listing from the Windows Control Panel. If you don’t already have this program, I’d recommend keeping it that way. I seem to have gotten along fine without it for several years now, and going without it just means one less buggy application to patch.

As always, if you experience any issues installing these updates, please leave a note in the comments section below.


14 thoughts on “Adobe, Microsoft Push Critical Security Fixes”

  1. Debbie Kearns

    Thanks for the heads-up! 🙂

  2. Jay

    Win 7 updates came on as advertised until the last fix, which returned code 57A yesterday. Same code this morning.

    Security Update for Microsoft Office 2003 (KB2598253)

    Download size: 1.2 MB

    Strange, I don’t have MO 2003 installed.

  3. Strange

    I keep getting a “readvertisement” for about 4 of the .NET patches, even after multiple “successful” installs. Odd.

    1. Luke

      I am experiencing the same issues. Did some looking and found an MS “FixIt” that did not fix it.

      The update was successful, but it keeps prompting to install again.

      Some folks report success by reinstalling .Net Framework 2.0 sp2 and 3.5 sp1. ish.

      One other poster reported MS has instructed them to check “do not notify me again about this update”. It would work, but the content of these updates makes me wary about letting that pass as a fix.

  4. Stratocaster

    Or if you launch the URL http://www.adobe.com/shockwave/welcome/ and it displays the little Lego / jigsaw puzzle piece thingie, then you don’t have it. But don’t tell it to go out and install the missing plug-in.

    I haven’t had Shockwave at home for years, but when I recently got a new PC at work, I uninstalled it, and no corporate Web app has broken yet.

  5. Top-Rated Comments

    Has anyone counted the number of remote exploit patches released by Microsoft for each version of Windows released?

    It would be an interesting exercise when compared to real Operating Systems such as OpenBSD.

  6. Bob

    Why not add a date in your blog article? After a few days to review, just know this article in 2012.05, but can’t know which day.

    1. heron

      On the home page, “08 May 12” means a publication date of 5/8/12.

      1. Iggie

        But articles that aren’t on the home page don’t have a date except all the way at the bottom just above the comments. I’ve had the same thought when reading through some of the “category” articles and I have to scroll down to the bottom to see if it was recent.

  7. Bill

    Had Adobe push Shockwave to me even though I didn’t have it previously installed. Anyone else see that?

  8. I see your shock and raise you a wave!

    You’d be surprised how much hardware and software have back doors built into them, much of it legally.

    GOOGLE: Cisco routers back doors

    and you’ll find hours of reading material alone just for one company.

    WIKILEAKS: published information on dozens of companies making spyware for hardware and software and selling it to governments.

    When is the last time you checked the firmware on your PCI devices and network card?

    Your router?

    Dumped and checksummed/debugged your BIOS lately?

    Why aren’t the anti-malware companies like Symantec and others climbing over each other in an effort to invent the technology and utilize it via the cloud to create GIANT databases of legit firmware for hardware in the fight against the most serious of root kits? Are they in bed with big bro?

    How many so called remote exploits were patched this week in Windows? This month? This year? Since its release? Start from the beginning of the Windows version release and count all of the remote exploits up to present day and compare that to OpenBSD for example.

  9. CREDIT WIPEOUT!! CREDIT WIPEOUT!!!

    Why are you people trying to hide useful comments? Are you stupid or just paid to by a company?

    Posted again because it’s going to be buried above by derps.


  10. Robert


    Why are they thumbing down your post? I’ll help you repost it because they are going to hide your second attempt, probably people who work for antivirus companies, no doubt!!!!

  11. Security1

    Thank you for providing the details about Adobe, Microsoft Push Critical Security Fixes.
