Adobe and Microsoft today each issued security updates to fix critical vulnerabilities in their software. Microsoft pushed 14 patches to address problems in Windows, Office, Internet Explorer at .NET, among other products. Separately, Adobe issued an update for its Flash Player software that corrects at least 18 security issues.
Microsoft is urging Windows users who browse the Web with Internet Explorer to use a free tool called EMET to block attacks against a newly-discovered and unpatched critical security hole in IE versions 7, 8 and 9. But some experts say that advice falls short, and that users can better protect themselves by using an alternative browser until Microsoft can issue a proper patch.
I recently began publishing a series of advice columns for people who are interested in learning more about security as a craft or profession. For the third installment in this series, I interviewed Jeremiah Grossman, chief technology officer of WhiteHat Security, a Web application security firm.
A frequent speaker on a broad range of security topics, Grossman stressed the importance of coding, networking, and getting your hands dirty (in a clean way, of course).
Adobe and Microsoft today each issued critical updates to plug security holes in their products. The patch batch from Microsoft fixes at least 11 flaws in Windows and Windows software. Adobe’s update tackles four vulnerabilities that are present in current versions of Adobe Acrobat and Reader.
Seven of the 11 bugs Microsoft fixed with today’s release earned its most serious “critical” rating, which Microsoft assigns to flaws that it believes attackers or malware could leverage to break into systems without any help from users. In its security bulletin summary for April 2012, Microsoft says it expects miscreants to quickly develop reliable exploits capable of leveraging at least four of the vulnerabilities.