Thursday, October 10, 2013

Important security updates

Take a moment to get these because they're pretty important:
Adobe and Microsoft today each issued software updates to fix critical security issues in their products. Microsoft released eight patch bundles to address 26 different vulnerabilities in Windows and other software – including not just one but two zero-day bugs in Internet Explorer. Adobe’s patches fix a single critical vulnerability present in both Adobe Acrobat and Reader.

Four of the eight patch bulletins from Microsoft earned its most dire “critical” rating, meaning the updates fix problems deemed so severe that miscreants or malware could use them to break into vulnerable systems without any help from users.
The easiest way to make sure that you have the Microsoft fixes is Windows Update.  You'll want to use Internet Explorer to visit this page because Windows Update will more or less automatically start up that way.  Simples.

The Adobe fix is available here.  If you read PDFs, you'll want this.  Bad guys can embed attacks in a PDF that would attack you while you read a document.  It's a handy way for them to serve up poisoned bait to you.


Matt W said...

Thanks for the heads up, ever since moving into the audit side of things I feel like I'm out of the loop when new critical updates are issued.

A note on the Adobe patch, version X (10.1.8) or earlier are not effected

Erin Palette said...

But what if I think Adobe Reader is a bloated, slow, awkward mess, and I'd much rather use a faster program like PDF X-change? Am I opening myself up to embedded attacks if I don't use Adobe?

Borepatch said...

Erin, if you're not using Reader you're safe from these problems.