Microsoft’s Patch Tuesday has come and gone and we’re in for a treat of new patches for the month, plus a handful from Adobe. Oracle runs on a quarterly patch schedule and will not be releasing any scheduled updates until July. But without further delay, here is the break down you’ve been holding your breath for:
- Two critical updates that cover Microsoft Internet Explorer, including the one reported earlier this month. Both of these patches cover remote code execution vulnerabilities that could allow an attacker to take control of a system.
- Eight important updates for various Microsoft programs including Microsoft Windows (all versions, including 8; one patch is specially for 8), Microsoft Office (versions 2003, 2007, and 2010; 2013 is not affected), Microsoft Windows Essentials and other programs.
- One update to Adobe Reader and Acrobat that could crash the program and allow an attacker to take control of a computer system.
- One update to Adobe Flash Player that could crash the program and allow an attacker to take control of a computer system.
- One update to Adobe Coldfusion that could allow an unauthenticated attacker to retrieve files from a server. There is currently reports of attacks successfully utilizing this vulnerability in the wild.
Users are encouraged to apply these updates to a test system prior to deployment to their critical systems to test for conflicts and problems caused by the updates to existing programs. Microsoft Windows users are encouraged to test and apply both Critical updates as soon as possible to avoid potential exploitation.
There are currently limited known attacks against the Microsoft updates, including those reported on May 3rd. This particular update affects Internet Explorer 8 which is the maximum version that Windows XP supports of Internet Explorer. Therefore, users of Windows XP are highly encouraged to test and deploy this update to their systems as soon as possible.
Here are links to the advisories:
Additional reminder that Windows XP support ends April 8th 2014 and all current users of Windows XP are encouraged to upgrade to a newer Operating System.
If you have any questions or would like to schedule an onsite service call to verify these updates are properly installed, please contact us today.