Don’t delay. Get your Microsoft and Adobe security patches while they’re hot

Graham Cluley

Windows holeAnother Patch Tuesday, means another round of security updates from Microsoft and Adobe, designed to fix critical vulnerabilities in their software.

First up for inspection is Microsoft, which issued (a low by its usual standards) four patches – two deemed “critical” and two ranked “important”, but all capable of allowing a malicious attacker to remotely execute code if successfully exploited.

This Patch Tuesday is making more headlines for Microsoft users than normal, because it is the very last time that Redmond will be issuing patches for Office 2003 and Windows XP.

The update which is probably most essential to patch as soon as possible is MS14-017, as one of the vulnerabilities it addresses is currently being actively exploited by malicious attackers in the wild, and means that simply previewing a message in Outlook could lead to computers becoming infected.

A cumulative patch for Internet Explorer (MS14-018) has also been ranked “critical”, and addresses six different vulnerabilities which could be exploited by remote hackers to run malicious code. The patch is said to be required by all versions of Internet Explorer except IE10.

More information about the patches can be found in Microsoft’s blog post.

Of course, it’s not just Microsoft customers who need to make sure they are downloading the latest patches every second Tuesday of each month. Adobe users should be ready for action as well, as the company typically times its scheduled security updates with Redmond.

This time around Adobe has fixed a number of critical vulnerabilities in Flash, which – it says – have not been seen exploited in the wild as yet. Clearly, it’s important that things remain that way – so users are advised to update to Flash version 13.0.0.182 on their Windows, Mac and Linux systems.

Users of Adobe Air, which is used by some desktop products, should also be kept updated. The latest version is 13.0.0.83.

As always, if grabbing a new version of Adobe Flash from the company’s website be careful not to be tricked into also downloading third-party software like McAfee Security Scan.

McAfee, bundled with Adobe

It’s a cheap and dirty trick, and companies like Adobe (and indeed McAfee) should know better than to endorse it.

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

One Reply to “Don’t delay. Get your Microsoft and Adobe security patches while they’re hot”

  1. Amazed that Adobe still insists on having the link up with McAfee Security Scan and having the box ticked – I am sure that plenty of people dont read and dont untick and end up with software they dont need or want. Completely agree that it is a cheap and dirty trick that you normally see with cowboy software companies

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Never miss a thing. Sign up for the free GCHQ newsletter from Graham Cluley.
GET UPDATES