Security patches for Microsoft products and Adobe Flash - what are you waiting for?


Internet ExplorerSticking to its regular monthly schedule, Microsoft has issued the latest security patches for a variety of its products, plugging 29 vulnerabilities in Windows and Internet Explorer.

A blog post from Microsoft’s Dustin Childs summarises the security bulletins, emphasising that patches for Windows Journal and Internet Explorer should be “top of your list”.

The most critical of the flaws could see your computer infected by malware if you visit a boobytrapped webpage using a vulnerable version of Internet Explorer, or for an attacker to run malicious code on your Windows PC if you open a poisoned Windows Journal file. Windows Journal is built into Windows Vista, Windows 7 and Windows 8.

Microsoft graphic

If you’re finding it tricky to determine which of Microsoft security patches is relevant to your organisation, you may wish to try out the company’s free and recently-introduced myBulletins service which provides a simple customised dashboard view.

More details of Microsoft’s latest security advisories can be found in the official Microsoft Security Bulletin Summary for July 2014.

Adobe FlashAdobe, meanwhile, has issued a critical security update for Adobe Flash Player addressing a variety of flaws, and mitigating against the so-called Rosetta Flash attack publicised by Google security researcher Michele Spagnuolo.

Less serious flaws have also been patched in Adobe AIR.

Further details are available in Adobe’s security bulletin APSB14-17.

Adobe table of patches

Adobe says it is not aware of any exploitation of the flaws in the wild, but it always makes sense to keep your copies of Adobe products updated against newly-discovered vulnerabilities.

Users are advised to check that they are running the latest version of Adobe Flash - version - on their Windows, Mac and Linux computers. Although Adobe Flash may be configured to automatically update on many users’ computers, some users have reported that it can sometimes take days before they a security update is rolled out to them.

For that reason, you may prefer to visit Adobe’s site directly to download the latest version.

You can check which version of Flash your computer is running by visiting this page on Adobe’s site.

Tags: , , , , , ,

Share this article:

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts

, , , , , ,

2 Responses

  1. TheMichael Arch

    July 9, 2014 at 2:00 pm #

    if I’ve disable the Internet Explorer in Windows features do i still need to update the IE in windows update?

    • Coyote in reply to TheMichael Arch.

      July 13, 2014 at 10:40 pm #

      One word: Yes.

      Elaboration: Besides the two points that I outline below (which is most important), many software developers rely on IE itself[1] as an interface. I know this was the case years ago and I can only assume it still is. While it is possible you would not be subjected to the flaws (based on how the software uses IE) it would be safest to update.

      In general there’s two things to consider:
      1) If you aren’t using it why have it installed? With WIndows I think you will need to have IE Installed. See my footnote below for further information.
      2) It is vulnerable regardless of you disabling (or not using it). Patch it and remove all doubt (at least all doubt that can be removed with MS).

      [1] I am an anti-MS, anti-Apple bigot. At least I admit it. The way MS made it a core component of Windows means the software that uses it might be doing what they should be doing. However, why any OS relies on a web browser is another question entirely (and a question I know that even if MS wanted to answer, they could not answer because it is a long time practice). OS’s should have core components of course (as a way for the user to interact with the computer… it sort of is required), but why a web browser… is the question. Regardless, it’s what they did and that is that - patch your system! It’s the only sensible thing to do.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.