Critical security updates for users of Microsoft and Adobe software

Patch Tuesday has been and gone, which means that if you're responsible for the security of the computers in your office - or the ones you use at home - it's time to update your systems once again.

And it's not just Microsoft that has released a raft of security patches; hacking victim Adobe has jumped on board the bus too.

Here are the essential details:

Microsoft Security Bulletin Summary for October 2013

  • MS13-080 Cumulative Security Update for Internet Explorer
  • Rated "Critical". This is the most important one, as it includes the long-awaited security patch for a zero-day Internet Explorer vulnerability that has been exploited by malicious hackers in the wild.

  • MS13-081 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution
  • Rated "Critical". The most severe of these vulnerabilities could allow remote code execution if a user views shared content that embeds OpenType or TrueType font files. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system.

  • MS13-082 Vulnerabilities in .NET Framework Could Allow Remote Code Execution
  • Rated "Critical". The most severe of the vulnerabilities could allow remote code execution if a user visits a website containing a specially crafted OpenType font (OTF) file using a browser capable of instantiating XBAP applications.

  • MS13-083 Vulnerability in Windows Common Control Library Could Allow Remote Code Execution
  • Rated "Critical". The vulnerability could allow remote code execution if an attacker sends a specially crafted web request to an ASP.NET web application running on an affected system. An attacker could exploit this vulnerability without authentication to run arbitrary code. Fortunately, this vulnerability was privately disclosed to Microsoft - if malicious hackers learn how to exploit it, they might attempt to weaponise it into a fast-spreading worm.

  • MS13-084 Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution
  • Rated "Important". Includes fixes for two vulnerabilities, the more severe of which could allow remote code execution if a user opens a specially crafted Office file in an affected version of Microsoft SharePoint Server, Microsoft Office Services, or Web Apps.

  • MS13-085 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
  • Rated "Important". The vulnerabilities could allow remote code execution if a user opens a specially crafted Office file with an affected version of Microsoft Excel or other affected Microsoft Office software.

  • MS13-086 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution
  • Rated "Important". The vulnerabilities could allow remote code execution if a specially crafted file is opened in an affected version of Microsoft Word or other affected Microsoft Office software.

  • MS13-087 Vulnerability in Silverlight Could Allow Information Disclosure
  • Rated "Important". The vulnerability could allow information disclosure if an attacker hosts a website that contains a specially crafted Silverlight application that could exploit this vulnerability and then convinces a user to view the website.

Security update for Adobe RoboHelp

  • APSB13-24 Security update for RoboHelp 10 on Windows
  • Rated "Critical". The update fixes a vulnerability that could allow an attacker to run malicious code on users' computers. The good news is that Adobe has not seen this vulnerability being exploited in the wild.

Security update for Adobe Reader and Acrobat

  • APSB13-25 Security updates for Adobe Reader XI (11.0.04) for Windows and Adobe Acrobat XI (11.0.04) for Windows
  • Rated "Critical". Adobe hasn't released specific details, other than to say the update fixes a vulnerability affecting the products' JavaScript security controls. Embarrassingly for the company (as if it wasn't having enough problems), this appears to be a flaw which has been reintroduced after previously being fixed. Only the Windows version of the software is affected, so Mac users can rest a little easier.

You can learn more, and grab the patches, by following the links above. If you want to protect your home computer, it might be sensible to ensure that you have automatic installation of security updates enabled.

Even though recently there have been too many instances of Microsoft releasing a security fix, only to later withdraw it and release a *fixed* version of the security fix, it's generally good sense for most consumers to allow their computers to automatically install updates when possible.
