I’ve missed a few weeks with my recent travel, and boy do we have a lot to talk about with security updates this week! In fact, there is so much, I’m going to have to give it to you in condensed form, and provide the links for further reading if you’re interested. We’ve had a big Windows Patch Tuesday for October (the biggest ever!), some Apple updates and some Adobe updates. Remember, keeping your software up to date and fully patched is a major step in keeping your system secure and protected against malware and worse.
Let’s start with the Microsoft Windows updates.
As they are wont to do, Microsoft released their monthly update on the second Tuesday of October, and this month there were a massive number of patches for Windows, Office and related Microsoft applications. The canonical list, with links to tech bulletins, can be found at the Microsoft Security October 2009 Update page.
October’s updates include a total of 13 separate security updates, two of which are the standard monthly updates for the Outlook Junk Email filter and the Windows Malicious Software Removal Tool (mrt.exe). The other 11 updates include patches for no fewer than 29 critical vulnerabilities, spanning a gamut of OS-related modules:
- Active Template Library (ATL) vulnerabilities (4 patches)
- Internet Explorer (4 patches)
- Silverlight and .NET framework (3 patches)
- GDI+ (the OS Graphics engine) (8 patches)
- Windows Media Player and Runtime (3 patches)
- Windows Kernel (3 patches)
- Indexing Service (1 patch)
- Windows Crypto API (2 patches)
- Windows LSASS service (1 patch)
The moral of the story here – make sure you have automatic updates turned ON. More than a few of these vulnerabilities are already being exploited in the wild, and the release of patches is a signal to malicious entities to begin trying to exploit unpatched machines.
Apple releases iPhone OS 3.1.2
The update for the iPhone OS contains several fixes for issues that have been plaguing iPhone users, including:
- A sporadic issue that may cause iPhone to not wake from sleep
- Resolution to an intermittent issue that may interrupt cellular network services until restart
- Bug fix to remedy crashes during video streaming
This update applies to all versions of the iPhone, and is available through iTunes, so sync those devices and get your update!
Adobe releases security updates for Acrobat and Reader
Acrobat and Reader have been updated as follows:
- Windows and Mac from 9.1.3 to 9.2
- Legacy Windows and Mac, from 8.1.6 to 8.1.7
- Linux version, from 7.1.3 to 7.1.4
From Adobe’s security page:
Critical vulnerabilities have been identified in Adobe Reader 9.1.3 and Acrobat 9.1.3, Adobe Reader 8.1.6 and Acrobat 8.1.6 for Windows, Macintosh and UNIX, and Adobe Reader 7.1.3 and Acrobat 7.1.3 for Windows and Macintosh. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system. This update represents the second quarterly security update for Adobe Reader and Acrobat.
Adobe Reader users on Windows can find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows.
Adobe Reader users on Macintosh can find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Macintosh.
Adobe Reader users on UNIX can find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Unix.
Acrobat Standard and Pro users on Windows can find the appropriate update here:
Acrobat Pro Extended users on Windows can find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=158&platform=Windows
Acrobat 3D users on Windows can find the appropriate update here:
Acrobat Pro users on Macintosh can find the appropriate update here:
Adobe categorizes this as a critical update.