Microsoft and Adobe each released patches today to plug critical security holes in their products. Microsoft issued seven update bundles to address at least 19 20 vulnerabilities in Windows and related software. Adobe released the fourth security update in nearly as many weeks for its Flash Player software, as well as a fix for Adobe AIR.
Microsoft today began pushing out seven security patches, four of them rated “critical,” meaning the flaws they fix could be used by malware or bad guys to break into unpatched systems with little or no help from users. The critical patches address bugs in Windows, Internet Explorer, Microsoft Silverlight, Microsoft Office and Microsoft SharePoint. Updates are available for Windows XP, Vista, Windows 7, Windows 8, Windows Server 2003, 2008 and 2012.
More information on the Microsoft patches is available at the Microsoft security response center blog, which also discusses some changes to the way security updates are applied to apps available through the Windows Store.
The update from Adobe brings Flash Player to version 11.6.602.180 on Windows and Mac OS X systems (see the chart below for the most recent version numbers on other operating systems). This patch fixes at least four security flaws in Flash Player. Adobe says it is not aware of any exploits or attacks in the wild targeting the issues addressed in this update. But that could change soon, so if you have Flash installed (and most users do), please take a moment to update it.
This link should tell you which version of Flash your browser has installed. The most recent versions are available from the Adobe download center, but beware potentially unwanted add-ons, like McAfee Security Scan). To avoid this, uncheck the pre-checked box before downloading, or grab your OS-specific Flash download from here.
Google Chrome and Internet Explorer 10 have built-in auto-update features that should bring Flash to the most recent version. The patched version of Flash for Chrome is 11.6.602.180 for Windows, Macintosh and Linux, although it does not appear that Google has pushed out this update yet. Windows users who browse the Web with anything other than Internet Explorer will need to apply this patch twice, once with IE and again using the alternative browser (Firefox, Opera, e.g.).
Finally, if you have Adobe AIR installed (required by some programs like Tweetdeck and Pandora Desktop), you’ll want to update this program. AIR ships with an auto-update function that should prompt users to update when they start an application that requires it; the newest, patched version is 18.104.22.16890 for Windows, Mac, and Android.