Don’t delay. Get your Microsoft and Adobe security patches while they’re hot


Windows holeAnother Patch Tuesday, means another round of security updates from Microsoft and Adobe, designed to fix critical vulnerabilities in their software.

First up for inspection is Microsoft, which issued (a low by its usual standards) four patches - two deemed “critical” and two ranked “important”, but all capable of allowing a malicious attacker to remotely execute code if successfully exploited.

This Patch Tuesday is making more headlines for Microsoft users than normal, because it is the very last time that Redmond will be issuing patches for Office 2003 and Windows XP.

The update which is probably most essential to patch as soon as possible is MS14-017, as one of the vulnerabilities it addresses is currently being actively exploited by malicious attackers in the wild, and means that simply previewing a message in Outlook could lead to computers becoming infected.

A cumulative patch for Internet Explorer (MS14-018) has also been ranked “critical”, and addresses six different vulnerabilities which could be exploited by remote hackers to run malicious code. The patch is said to be required by all versions of Internet Explorer except IE10.

More information about the patches can be found in Microsoft’s blog post.

Of course, it’s not just Microsoft customers who need to make sure they are downloading the latest patches every second Tuesday of each month. Adobe users should be ready for action as well, as the company typically times its scheduled security updates with Redmond.

This time around Adobe has fixed a number of critical vulnerabilities in Flash, which - it says - have not been seen exploited in the wild as yet. Clearly, it’s important that things remain that way - so users are advised to update to Flash version on their Windows, Mac and Linux systems.

Users of Adobe Air, which is used by some desktop products, should also be kept updated. The latest version is

As always, if grabbing a new version of Adobe Flash from the company’s website be careful not to be tricked into also downloading third-party software like McAfee Security Scan.

McAfee, bundled with Adobe

It’s a cheap and dirty trick, and companies like Adobe (and indeed McAfee) should know better than to endorse it.

Tags: , , , ,

Share this article:

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts

, , , ,

One Response

  1. Havenswift Hosting

    April 9, 2014 at 12:44 pm #

    Amazed that Adobe still insists on having the link up with McAfee Security Scan and having the box ticked - I am sure that plenty of people dont read and dont untick and end up with software they dont need or want. Completely agree that it is a cheap and dirty trick that you normally see with cowboy software companies

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.