As expected Microsoft delivered four patches today covering Windows XP, 2003, 7, 2008 R2, Word and Dynamics. All four patches are rated important, the first time in memory that none of the fixes were critical.
The Word fix applies to all Windows versions and could result in remote code execution. (What does this mean?) The operating system fixes will require a reboot.
Adobe also released fixes today for Acrobat and Reader X and XI. This first update of 2014 for Adobe fixes three remote code execution vulnerabilities and should be considered a critical update.
You can get the updates from the integrated updater tool or from http://get.adobe.com/reader.
The big one today is Oracle’s quarterly update which it calls Critical Patch Update January 2014. As Duck commented, it is a bundle of fixes covering 144 different vulnerabilities.
Many Oracle products are covered, I am only going to highlight the most common ones here. You can view the complete list on Oracle’s security page.
Java has been updated, as expected, fixing 36 vulnerabilities, 34 of which are remotely exploitable without authentication.
If you don’t need Java, please turn if off in your browser. If you aren’t sure, turn if off in your browser… You can always reinstall. If you must have it installed, be sure to apply this update immediately.
Oracle also patched 18 vulnerabilities in MySQL, three remotely exploitable and 9 vulnerabilities in VirtualBox, four of which are remotely exploitable.
(Note: only older supported branches of VirtualBox get updates, namely versions 3.2, 4.0, 4.1 and 4.2. If you are already on the most recent branch, namely 4.3, you should already have 4.3.6, which remains the latest version.)
As always, we advise you to update as soon as you are able.
On my desktop computer, after installing the Update, my keyboard and mouse froze. I had to restart the computer by pressing the “on button” to trigger the computer to shut down and then turn it on again.
Which update was that?
I don’t know. But on both PC’s the Update re-installed the USB Hubs.
Every Adobe Flash update is a hassle. Every time I attempt to update I get the advertising runaround and no update, just the usually loop back and forth as every time in the past. There must be a more friendly flash reader somewhere better than Adobe.
Have you tried simply living without Flash for a bit? Thanks to HTML5 it is much less of a necessity than it used to be…
Some websites require Flash, such as that offered by BT. They complain if it’s not found and will not run unless you start it. So you need it available but probably not have it enabled all the time. In FF you can set it to ask. Plus not all websites use HTML5 yet.
You have to disable many AntiVirus products to get the Flash updates. Every company in the world except Adobe has figured out how to avoid this problem.
You can download the Flash installers directly at http://helpx.adobe.com/flash-player/kb/installation-problems-flash-player-windows.html#main-pars_header
My 2 PCs have been updated today, Wednesday (we don’t get the updates until then due to time zone differences). One needed 5 updates and the other had 3 from Microsoft. Once again the system failed to recognise that all the available MS updates had been installed so had to run a second time! Plus the shutdown-restart failed again so had to force it. Tested? Doesn’t look like it was done on ‘real world’ systems but perhaps on ‘idealised’ setups.
Plus updates from Adobe and Java. I’ll be investigating the Virtual Box issue mentioned in your Naked Security email as that had not been mentioned before.