Another Busy Patch Release Day…

Microsoft has released 14 patches against 34 vulnerabilities, plenty of them are remote code execution, however most were privately disclosed.  Adobe has half a dozen.

It’s just so much easier to go to the SANS website rather than have me do a quick rehash of the excellent job they’ve already done in analyzing these vulnerability reports.  Take the CRITICALS on the board to heart when consiudering priorities.  There are a number of vulnerabilities in this patch release that I am going to be placing on my watch list, and I expect them to get some quick play on the dev boards.  Also note the exploit code and 0-day updates.

Adobe also released a number of patches for their products, patching 6 vulnerabilities in Flash Player, all of them rated critical.   Today’s update was 2010’s third for Flash Player, a browser plug-in that’s installed on an estimated 99% of all personal computers.  Previous updates in March and June have fixed a total of 33 other flaws.  One of the patches is a second try for Adobe.  The company tried to patch the CVE-2010-2188 flaw in Flash Player 2 months ago.  However, about 2 weeks later, Adobe admitted its fix had failed, leaving users hanging with technical information and research papers published about the vulnerability.

Adobe revealed only the scantest of details about the freshly patched bugs in their security advisory.  5 of the 6 were labeled as “memory corruption” vulnerabilities, while the 6th could potentially be used in a “click-jacking” attack.  Adobe is unaware of any in-the-wild exploitation of the vulnerabilities. 

Here are the links to the each of the security updates,

Flash Media Server – Rated Critical by Adobe

Adobe AIR and Flash – Rated Critical by Adobe

ColdFusion – Rating : Rated Important by Adobe


One thought on “Another Busy Patch Release Day…

  1. Pingback: Another Busy Patch Release Day… — National Cyber Security National Cyber Security

Comments are closed.