Patch Tuesday for September 2012 – All about Adobe

NOTE: Thank you from Naked Security for the comments. We realise that the wording here was a little confusing. We have updated the article. Thanks for keeping us on our toes!

As is customary, Microsoft released their monthly batch of fixes this morning. That is, if you consider two to be a batch, and only if you run Visual Studio Team Foundation Server 2010 or SMS 2003 SP3/SCCM 2007 SP2.

Both vulnerabilities (MS12-061 and MS12-062) are elevation of privilege vulnerabilities. This means the attacker would need to have already gained access to the system.

An elevation of privilege allows a regular non-administrative user to gain admin rights through the vulnerability.

The bigger story is Adobe’s fixes for Flash, Photoshop CS6 and ColdFusion, all of which have been released during the last three weeks.

The most important bulletin is APSB12-19, first released August 21, which fixes seven vulnerabilities in Flash Player.

The first five vulnerabilities can all result in remote code execution (RCE). These are critical and should make patching Flash Player the highest priority.

Of the other two, one is an information disclosure vulnerability and the other was causing crashes for Firefox users.

As always, the latest Flash Player is available for all platforms except Android from http://get.adobe.com/flashplayer.

APSB12-20, first issued August 30, covers two remote code execution vulnerabilities in Adobe Photoshop CS6. These vulnerabilities are considered critical and users of Photoshop CS6 would be advised to update to version 13.0.1.

Adobe has stated that earlier versions of Photoshop are not affected.

Lastly, APSB12-21, released yesterday, patches a denial-of-service (DoS) vulnerability in ColdFusion versions 8-10. More details are available in Adobe’s bulletin.