Patch now! Adobe and Microsoft push out critical security fixes

Patch now! Adobe and Microsoft push out critical security fixes

Microsoft and AdobeIt was the second Tuesday of the month yesterday, meaning that it was once again time for Microsoft to roll out its regular collection of security updates under the familiar moniker of “Patch Tuesday”.

The bundle of patches from Microsoft covers at least 23 documented vulnerabilities, and includes fixes for exploits that could be invoked in Microsoft Office, Microsoft Windows, the Microsoft .NET Framework and Microsoft Silverlight.

The worst of the Microsoft vulnerabilities have earned the highest severity level of “Critical”, and require no user interaction for a malicious attacker to run code on a victim’s computer.

One vulnerability, which many companies will certainly want to patch against, is the one detailed in MS12-029. If left unpatched, the vulnerability could allow remote code execution if a user opens a boobytrapped RTF file.

Severity and exploitability graph from Microsoft

Windows UpdateAs always, you can read the interpretation of SophosLabs on the seriousness of the various Microsoft vulnerabilities on the vulnerabilities page.

Remember, if you don’t have auto-updating turned on, you can click the Windows Update icon on the Start Menu to download Microsoft security updates.

Separately, Adobe issued security bulletins yesterday related to Adobe Illustrator, Adobe Photoshop (CS5 and earlier), Adobe Flash Professional and Adobe Shockwave Player.

Any Windows or Mac computer user who still feels it’s necessary to run Adobe Shockwave Player is advised to update to the latest version (currently