Microsoft user? Adobe user? Update your systems now

Filed Under: Adobe, Malware, Microsoft, PDF, Vulnerability

Critical
As part of its regular "Patch Tuesday" cycle, Microsoft has released a number of fixes for a number of its widely deployed products to patch critical security vulnerabilities.

Eight of the critical patches, addressing vulnerabilities in Windows, Microsoft Office, Internet Explorer, Silverlight, SQL Server, Forefront, Visual Studio, and other products, aim to stop hackers dead in their tracks from launching malicious attacks remotely.

A further five of the patches are classified as "important."

In total, 34 security holes are fixed in what is Microsoft's largest ever bundle of Patch Tuesday security updates.

Microsoft's security response center has also released a chart, showing the severity of each vulnerability. "Red" means "critical" - in other words, that's as bad as thing gets.

So the amount of "red" you see below should be a good indication of how serious these vulnerabilities are. If any more underlining of the importance were necessary, bear in mind that functioning code which exploits some of the vulnerabilities addressed by Microsoft's patches has already been published.

MS patch exploitability chart October 2009

You can learn much more about the patches in an advisory posted on Microsoft's website.

Meanwhile, Adobe has also issued advice regarding critical vulnerabilities in Adobe Reader and Adobe Acrobat. Unlike the patches released by Microsoft, Adobe's fixes cover Windows, Apple Mac OS X, and Unix/Linux.

In total, the Adobe fixes patch a stonking 29 vulnerabilities. Sophos has already seen malware which exploits some of the vulnerabilities affecting the Adobe PDF file format.

Over on his blog, Chet has some interesting things to say about these latest patches - looking in greater detail at some of the vulnerabilities, and questioning whether Adobe could learn a thing or two from Microsoft when it comes to responding to flaws in their code. SophosLabs has also blogged about the vulnerabilities.

Whether you agree with Chet or not, one thing is clear - if you're an affected Microsoft or Adobe user, you need to roll these patches out as a matter of priority.

, , , ,

You might like

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.