Posts Tagged: Microsoft Edge

Nov 15

Critical Fixes for Windows, Adobe Flash Player

For the third time in a month, Adobe has issued an update to plug security holes in its Flash Player software. The update came on Patch Tuesday, when Microsoft released a dozen patches to fix dozens of vulnerabilities in Windows, Internet Explorer, Skype and other software.

brokenwindowsOne-quarter of the patches from Microsoft address flaws that the company labels “critical,” meaning they can be exploited by malware or malcontents to break into vulnerable systems with no help from users. Four of the bulletins address vulnerabilities that were publicly disclosed prior to Patch Tuesday, meaning malicious hackers had a head start in figuring out how to exploit those weaknesses.

Top of the priority list among these 12 patches should probably be the one for Internet Explorer, which fixes more than two dozen flaws in IE, nearly all of them critical, browse-to-a-hacked-site-and-get-owned flaws. Another patch, MS15-113, fixes critical bugs in Microsoft’s Edge Browser, its intended replacement for IE. Also of note is a Microsoft Office patch that addresses seven flaws.

This month also includes a patch for .NET, a program that past experience has taught me to patch separately. If you use Windows and Windows Update says you have patches available for .NET, consider unchecking those updates until you’ve applied the rest released on Tuesday. Reboot and install any available .NET updates.

Separately, Adobe issued a patch for its Flash Player software that fixes at least 17 vulnerabilities in the program and in Adobe AIR. Adobe says it is not aware of any exploits in the wild for issues addressed in this update, but readers should seriously consider whether having Flash installed and/or enabled in the browser is worth the risk.  Continue reading →

Sep 15

Microsoft Pushes a Dozen Security Updates

Microsoft today released a dozen security updates for computers running supported versions of its Windows operating system. Five of the patches fix flaws that could get PCs compromised with little to no help from users, and five of the bulletins have vulnerabilities that were publicly disclosed before today (including one that reportedly has been detected in exploits in the wild). Separately, Adobe is pushing a security update for its Shockwave Player – a browser plugin that I’ve long urged readers to junk.

brokenwindowsAccording to security firm Shavlik, the patches that address flaws which have already been publicly disclosed include a large Internet Explorer (IE) update that corrects 17 flaws and a fix for Microsoft Edge, Redmond’s flagship replacement browser for IE; both address this bug, among others.

A critical fix for a Windows graphics component addresses flaws that previously showed up in two public disclosures, one of which Shavlik says is currently being exploited in the wild (CVE-2015-2546).  The 100th patch that Microsoft has issued so far this year — a salve for Windows Media Player – fixes two different vulnerabilities that were publicly disclosed before today (CVE-2015-2509 and CVE-2015-2504).

In other important patch news today, Adobe has released a security update for its Shockwave Player browser plugin. If you need this program, then update it; the latest version is v. But in my experience, most users don’t need it and are better off without it. For more on what I say that, see Why You Should Ditch Adobe Shockwave.

Not sure whether your computer has Shockwave installed? If you visit this link and see a short animation, it should tell you which version of Shockwave you have installed. If it prompts you to download Shockwave (or in the case of Google Chrome for some reason just automatically downloads the installer), then you don’t have Shockwave installed. To remove Shockwave, grab Adobe’s uninstall tool here. Mozilla Firefox users should note that the presence of the “Shockwave Flash” plugin listed in the Firefox Add-ons section denotes an installation of Adobe Flash Player plugin — not Adobe Shockwave Player.