Microsoft user? Adobe user? Update your systems now

As part of its regular "Patch Tuesday" cycle, Microsoft has released fixes for a number of its widely deployed products to patch critical security vulnerabilities.

Eight of the patches are classified as "critical." Addressing vulnerabilities in Windows, Microsoft Office, Internet Explorer, Silverlight, SQL Server, Forefront, Visual Studio, and other products, they aim to stop hackers dead in their tracks from launching malicious attacks remotely.

A further five of the patches are classified as "important."

In total, 34 security holes are fixed in what is Microsoft's largest ever bundle of Patch Tuesday security updates.

Microsoft's security response center has also released a chart showing the severity of each vulnerability. "Red" means "critical" - in other words, that's as bad as things get.

So the amount of "red" you see below should be a good indication of how serious these vulnerabilities are. If any more underlining of the importance were necessary, bear in mind that functioning code which exploits some of the vulnerabilities addressed by Microsoft's patches has already been published.

[Chart: MS patch exploitability chart, October 2009]

You can learn much more about the patches in an advisory posted on Microsoft's website.

Meanwhile, Adobe has also issued advice regarding critical vulnerabilities in Adobe Reader and Adobe Acrobat. Unlike the patches released by Microsoft, Adobe's fixes cover Windows, Apple Mac OS X, and Unix/Linux.

In total, the Adobe fixes patch a stonking 29 vulnerabilities. Sophos has already seen malware which exploits some of the vulnerabilities affecting the Adobe PDF file format.

Over on his blog, Chet has some interesting things to say about these latest patches - looking in greater detail at some of the vulnerabilities, and questioning whether Adobe could learn a thing or two from Microsoft when it comes to responding to flaws in their code. SophosLabs has also blogged about the vulnerabilities.

Whether you agree with Chet or not, one thing is clear - if you're an affected Microsoft or Adobe user, you need to roll these patches out as a matter of priority.

About the author

Graham Cluley is senior technology consultant at Sophos. The readers of Computer Weekly voted him security blogger of the year in 2009 and 2010, and he pipped Stephen Fry to the title of "Twitter user of the year" too. Which was nice. He was also named "Best Security Blogger" by the readers of SC Magazine in 2011. You can subscribe to Graham's updates on Facebook, follow him on Twitter and circle him on Google Plus for regular updates.