Critical security updates from Microsoft and Adobe

Filed Under: Adobe, Microsoft, Vulnerability

Critical
It was "Patch Tuesday" yesterday, which means another parcel of security updates for computer users to unwrap, and this time the fixes aren't just from Microsoft, but from Adobe too.

First on the menu is Microsoft, which has served up two security bulletins detailing vulnerabilities that could be exploited by hackers to execute malicious code (such as a worm) on your computer.

The first of these security holes exists in Outlook Express, Windows Mail, and Windows Live Mail. Microsoft's Security Research & Defense blog goes into some detail about the vulnerability, explaining that although the security hole is given a "critical rating" on Windows 2000, Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008, it is considered less serious for Windows 7 users as Windows Live Mail is not installed by default on that platform.

The other patch from Microsoft addresses a vulnerability in Visual Basic for Applications, a component used by Microsoft Office and other third-party products. Microsoft has given this security update its highest possible rating - "Critical" - for all supported versions of Microsoft Visual Basic for Applications SDK and third-party applications that use Microsoft Visual Basic for Applications. It is also rated "Important" for all supported editions of Microsoft Office XP, Microsoft Office 2003, and the 2007 Microsoft Office System.

Adobe Shockwave Player
Next up is Adobe, who have released patches to squash over 20 security vulnerabilities in its Shockwave and ColdFusion products.

The critical vulnerabilities identified in Adobe Shockwave Player 11.5.6.606 and earlier versions impact both Windows and Macintosh users, and could allow attackers to run malicious code on your computer.

Adobe recommends that users update their version of Adobe Shockwave Player to version 11.5.7.609.

Details of the ColdFusion vulnerabilities, classed as "important", are provided in Adobe Security Bulletin APSB10-11.

Enough of waffle. Download and install the patches if your computer is affected.

, , ,

You might like

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.