Adobe and Microsoft have each released security updates to fix critical security flaws in their software. Microsoft issued seven update bundles to fix at least 10 vulnerabilities in Windows and other software. Separately, Adobe pushed out a fix for its Flash Player and AIR software that address at least three critical vulnerabilities in these programs.
A majority of the bugs quashed in Microsoft’s patch batch are critical security holes, meaning that malware or miscreants could exploit them to seize control over vulnerable systems with little or no help from users. Among the critical patches is an update for Internet Explorer versions 9 and 10 (Redmond says these flaws are not present in earlier versions of IE).
Other critical patches address issues with the Windows kernel, Microsoft Word, and Microsoft Exchange Server. The final critical bug is a file handling vulnerability in Windows XP, Vista and 7 that Microsoft said could allow remote code execution if a user browses to a folder that contains a file or subfolder with a specially crafted name. Yikes. Updates are available through Windows Update or via Automatic Updates.
Adobe shipped a Flash Player update for Windows, Mac, Linux and Android installations of the software. The appropriate new version number is listed by operating system in the chart below. Adobe says that Flash Player installed with Internet Explorer 10 for Windows 8 and Google Chrome should be updated automatically; on Windows the latest version should be 11.5.502.135, and Chrome users on Windows, Mac or Linux who have the latest version of Chrome (v. 23.0.1271.97) should have version 188.8.131.52 installed.
Most users can find out what version of Flash they have installed by visiting this link. Adobe urges users to grab the latest updates from its Flash Player Download Center, but that option pushes junk add-ons like McAfee VirusScan. Instead, download the appropriate version for your system from Adobe’s Flash Player Distribution page.
Updates for Adobe AIR are available from this link.
If all of this updating nonsense has your head spinning, or if you are the unofficial or de facto tech support person for your friends and family, consider installing a free update management product like Secunia’s Personal Software Inspector (I prefer the 2.x version) or FileHippo’s Update Checker, either of which can make it far easier to stay on top of the latest security patches for important software.
As always, if you experience problems or issues installing any of these updates, please leave a note about in the comments below.