Critical Security Fixes from Adobe, Microsoft

[Nytro]

[h=2]Critical Security Fixes from Adobe, Microsoft[/h]Adobe and Microsoft each issued security updates today to fix critical vulnerabilities in their software. Adobe’s fixes include a patch for a Flash Player flaw that is actively being exploited to break into Windows computers. Microsoft’s Patch Tuesday release includes nine patch bundles — more than half of them rated critical — addressing at least 27 security holes in Windows and related software.

The most pressing of the updates Adobe released today is the Flash Player patch, which fixes a critical flaw (CVE-2012-1535) in the ubiquitous media player software. Adobe says there are reports that the vulnerability is being exploited in the wild in limited targeted attacks, distributed through a malicious Microsoft Word document. The exploit targets the ActiveX version of Flash Player for Internet Explorer on Windows.

Nevertheless, the underlying vulnerability being targeted exists in Windows, Mac and Linux versions of the software. Windows and Mac users can grab the latest version (v. 11.3.300.271) via the Flash Player download center. Be sure to uncheck the “free” software scans that Adobe loves to bundle with updates, such as McAfee‘s obnoxious Security Scan Plus, if you don’t want it. Linux users should update to v. 11.2.202.238, and Chrome users want to be at v. 11.3.330.270 (normally Chrome auto-updates Flash, but recently it’s been sluggish to do so: my Chrome installation is still at v. 11.3.31.225. I will update this post in a bit with the direct links to the Flash Player downloads.

Adobe also pushed out a new version (v. 10.1.4) of Adobe Acrobat and Reader that corrects at least 20 distinct security vulnerabilities in Windows and Mac versions of these products. Windows users can grab the latest update from this link, and Mac users from here. Those looking for links to Adobe Acrobat updates and support for older versions of Reader should check the advisory that the company issued today for more information.

In addition, Adobe released an update that fixes at least five critical flaws in Windows and Mac versions of its Shockwave Player software. If you have this program installed, update it. If not, forget about this patch, as you probably don’t need the software. The latest version is Shockwave Player 11.6.6.636 and is available via this link.

At the top of the heap of security updates that Microsoft released today is MS12-060, which fixes a vulnerability in Microsoft Office that is already being exploited in the wild. Other high-priority updates from Redmond include a patch for a flaw in the Remote Administration protocol of Windows networking, and an Internet Explorer update that fixes two security holes. More information on the Windows patches is available from Microsoft’s Security Response Center and from Qualys.

Microsoft patches are available through Windows Update or Automatic Update. As usual, please leave a note in the comments section if you experience problems applying any of these updates.

Sursa: Critical Security Fixes from Adobe, Microsoft — Krebs on Security