Security patches for Microsoft products and Adobe Flash – what are you waiting for?

Graham Cluley

Internet ExplorerSticking to its regular monthly schedule, Microsoft has issued the latest security patches for a variety of its products, plugging 29 vulnerabilities in Windows and Internet Explorer.

A blog post from Microsoft’s Dustin Childs summarises the security bulletins, emphasising that patches for Windows Journal and Internet Explorer should be “top of your list”.

The most critical of the flaws could see your computer infected by malware if you visit a boobytrapped webpage using a vulnerable version of Internet Explorer, or for an attacker to run malicious code on your Windows PC if you open a poisoned Windows Journal file. Windows Journal is built into Windows Vista, Windows 7 and Windows 8.

Microsoft graphic

If you’re finding it tricky to determine which of Microsoft security patches is relevant to your organisation, you may wish to try out the company’s free and recently-introduced myBulletins service which provides a simple customised dashboard view.

More details of Microsoft’s latest security advisories can be found in the official Microsoft Security Bulletin Summary for July 2014.

Adobe FlashAdobe, meanwhile, has issued a critical security update for Adobe Flash Player addressing a variety of flaws, and mitigating against the so-called Rosetta Flash attack publicised by Google security researcher Michele Spagnuolo.

Less serious flaws have also been patched in Adobe AIR.

Further details are available in Adobe’s security bulletin APSB14-17.

Adobe table of patches

Adobe says it is not aware of any exploitation of the flaws in the wild, but it always makes sense to keep your copies of Adobe products updated against newly-discovered vulnerabilities.

Users are advised to check that they are running the latest version of Adobe Flash – version 14.0.0.145 – on their Windows, Mac and Linux computers. Although Adobe Flash may be configured to automatically update on many users’ computers, some users have reported that it can sometimes take days before they a security update is rolled out to them.

For that reason, you may prefer to visit Adobe’s site directly to download the latest version.

You can check which version of Flash your computer is running by visiting this page on Adobe’s site.

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

2 Replies to “Security patches for Microsoft products and Adobe Flash – what are you waiting for?”

    1. One word: Yes.

      Elaboration: Besides the two points that I outline below (which is most important), many software developers rely on IE itself[1] as an interface. I know this was the case years ago and I can only assume it still is. While it is possible you would not be subjected to the flaws (based on how the software uses IE) it would be safest to update.

      In general there's two things to consider:
      1) If you aren't using it why have it installed? With WIndows I think you will need to have IE Installed. See my footnote below for further information.
      2) It is vulnerable regardless of you disabling (or not using it). Patch it and remove all doubt (at least all doubt that can be removed with MS).

      [1] I am an anti-MS, anti-Apple bigot. At least I admit it. The way MS made it a core component of Windows means the software that uses it might be doing what they should be doing. However, why any OS relies on a web browser is another question entirely (and a question I know that even if MS wanted to answer, they could not answer because it is a long time practice). OS's should have core components of course (as a way for the user to interact with the computer… it sort of is required), but why a web browser… is the question. Regardless, it's what they did and that is that – patch your system! It's the only sensible thing to do.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Never miss a thing. Sign up for the free GCHQ newsletter from Graham Cluley.
GET EMAIL UPDATES