Critical security updates from Microsoft and Adobe
It was “Patch Tuesday” yesterday, which means another parcel of security updates for computer users to unwrap, and this time the fixes aren’t just from Microsoft, but from Adobe too.
First on the menu is Microsoft, which has served up two security bulletins detailing vulnerabilities that could be exploited by hackers to execute malicious code (such as a worm) on your computer.
The first of these security holes exists in Outlook Express, Windows Mail, and Windows Live Mail. Microsoft’s Security Research & Defense blog goes into some detail about the vulnerability, explaining that although the security hole is given a “critical rating” on Windows 2000, Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008, it is considered less serious for Windows 7 users as Windows Live Mail is not installed by default on that platform.
The other patch from Microsoft addresses a vulnerability in Visual Basic for Applications, a component used by Microsoft Office and other third-party products. Microsoft has given this security update its highest possible rating – “Critical” – for all supported versions of Microsoft Visual Basic for Applications SDK and third-party applications that use Microsoft Visual Basic for Applications. It is also rated “Important” for all supported editions of Microsoft Office XP, Microsoft Office 2003, and the 2007 Microsoft Office System.
Next up is Adobe, who have released patches to squash over 20 security vulnerabilities in its Shockwave and ColdFusion products.
The critical vulnerabilities identified in Adobe Shockwave Player 220.127.116.116 and earlier versions impact both Windows and Macintosh users, and could allow attackers to run malicious code on your computer.
Adobe recommends that users update their version of Adobe Shockwave Player to version 18.104.22.1689.
Details of the ColdFusion vulnerabilities, classed as “important”, are provided in Adobe Security Bulletin APSB10-11.
Enough of waffle. Download and install the patches if your computer is affected.
By Graham Cluley, Sophos