Patch now! Adobe and Microsoft push out critical security fixes

Filed Under: Adobe, Featured, Malware, Microsoft, Vulnerability

Microsoft and AdobeIt was the second Tuesday of the month yesterday, meaning that it was once again time for Microsoft to roll out its regular collection of security updates under the familiar moniker of "Patch Tuesday".

The bundle of patches from Microsoft covers at least 23 documented vulnerabilities, and includes fixes for exploits that could be invoked in Microsoft Office, Microsoft Windows, the Microsoft .NET Framework and Microsoft Silverlight.

The worst of the Microsoft vulnerabilities have earned the highest severity level of "Critical", and require no user interaction for a malicious attacker to run code on a victim's computer.

One vulnerability, which many companies will certainly want to patch against, is the one detailed in MS12-029. If left unpatched, the vulnerability could allow remote code execution if a user opens a boobytrapped RTF file.

Severity and exploitability graph from Microsoft

Windows UpdateAs always, you can read the interpretation of SophosLabs on the seriousness of the various Microsoft vulnerabilities on the vulnerabilities page.

Remember, if you don't have auto-updating turned on, you can click the Windows Update icon on the Start Menu to download Microsoft security updates.

Separately, Adobe issued security bulletins yesterday related to Adobe Illustrator, Adobe Photoshop (CS5 and earlier), Adobe Flash Professional and Adobe Shockwave Player.

Any Windows or Mac computer user who still feels it's necessary to run Adobe Shockwave Player is advised to update to the latest version (currently

, , , , , , ,

You might like

11 Responses to Patch now! Adobe and Microsoft push out critical security fixes

  1. jimmy b · 1247 days ago

    Only the shockwave player update is free to existing users. All others require upgrading to the next version - $

  2. You forgot Java... They updated to Java 7 Update 4 at the Get Java website for consumers.

  3. Garza UK · 1247 days ago

    Yesterday was the second Tuesday of the month, not the first, its the second Tuesday every month that Microsoft release their regular security updates.

    • I was at the dentist this morning. Clearly I was still under the influence of whatever she injected me with judging by the number of corrections I have had to make to this article. Thanks!

  4. Robert Wurzburg · 1247 days ago

    Adobe released a Flashplayer update v11.2.202.235, up from v11.2.202.233 last week
    you are all way behind on this. Flashplayer debugger is always free for browsers.

    Java Release 6 Update 32 was available at least as early as May 4, 2012 when I found
    it on their website for download.

    You people at Sophos are behind the times on update notifications for Naked Security.

    • Hello again Robert.

      Sophos provided insight on the Adobe Flashplayer update last week.


      • Robert Wurzburg · 1247 days ago

        Thank you, you didn't include the Flashplayer update in your article today.

        Adobe has been sending out their Security Bulletins about a week after
        the updates are available for download.

        I check Adobe's and SunMicro's websites at least once a week for updates
        and always check Adobe Reader using the program's menu, never down-
        load any of these programs from any other website. Go directly to them.
        Then you can be sure you are getting the legitimate updates and programs
        instead of something malicious. Only get Explorer directly from Microsoft,
        instead of another website that can change your search engine, home
        page and other things.

    • Tyw7 · 1247 days ago

      It seems you're outdated too. It's now Java 7 Update 4. Java 6 is now legacy. Java is on the 7 branch.

  5. I'm surprised there's no commentary here on Adobe's strategy for CS5 security "updates".

    Am I alone in thinking if Apple issued a "security update" which required an expensive purchase, you'd - correctly - be all over them like a rash?

    Why is Adobe getting a free pass in the security and technology press on this shoddy behaviour?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley