Patch Tuesday January 2014 - Microsoft, Adobe and Oracle

Filed Under: Adobe, Featured, Java, Microsoft, Oracle, Security threats, Vulnerability, Windows

Patch TuesdayAs expected Microsoft delivered four patches today covering Windows XP, 2003, 7, 2008 R2, Word and Dynamics. All four patches are rated important, the first time in memory that none of the fixes were critical.

The Word fix applies to all Windows versions and could result in remote code execution. (What does this mean?) The operating system fixes will require a reboot.

Adobe also released fixes today for Acrobat and Reader X and XI. This first update of 2014 for Adobe fixes three remote code execution vulnerabilities and should be considered a critical update.

You can get the updates from the integrated updater tool or from http://get.adobe.com/reader.

The big one today is Oracle's quarterly update which it calls Critical Patch Update January 2014. As Duck commented, it is a bundle of fixes covering 144 different vulnerabilities.

Many Oracle products are covered, I am only going to highlight the most common ones here. You can view the complete list on Oracle's security page.

Java has been updated, as expected, fixing 36 vulnerabilities, 34 of which are remotely exploitable without authentication.

If you don't need Java, please turn if off in your browser. If you aren't sure, turn if off in your browser... You can always reinstall. If you must have it installed, be sure to apply this update immediately.

Oracle also patched 18 vulnerabilities in MySQL, three remotely exploitable and 9 vulnerabilities in VirtualBox, four of which are remotely exploitable.

(Note: only older supported branches of VirtualBox get updates, namely versions 3.2, 4.0, 4.1 and 4.2. If you are already on the most recent branch, namely 4.3, you should already have 4.3.6, which remains the latest version.)

As always, we advise you to update as soon as you are able.

, , , , , , , , , , ,

You might like

9 Responses to Patch Tuesday January 2014 - Microsoft, Adobe and Oracle

  1. On my desktop computer, after installing the Update, my keyboard and mouse froze. I had to restart the computer by pressing the "on button" to trigger the computer to shut down and then turn it on again.

  2. Jim · 229 days ago

    Every Adobe Flash update is a hassle. Every time I attempt to update I get the advertising runaround and no update, just the usually loop back and forth as every time in the past. There must be a more friendly flash reader somewhere better than Adobe.

  3. MikeP_UK · 228 days ago

    My 2 PCs have been updated today, Wednesday (we don't get the updates until then due to time zone differences). One needed 5 updates and the other had 3 from Microsoft. Once again the system failed to recognise that all the available MS updates had been installed so had to run a second time! Plus the shutdown-restart failed again so had to force it. Tested? Doesn't look like it was done on 'real world' systems but perhaps on 'idealised' setups.
    Plus updates from Adobe and Java. I'll be investigating the Virtual Box issue mentioned in your Naked Security email as that had not been mentioned before.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.