July 10, 2013
Microsoft, Adobe Release Critical Security Patches
redOrbit Staff & Wire Reports - Your Universe Online
Adobe released new security fixes for its Flash and Shockwave media players on Tuesday, while Microsoft rolled out seven patch bundles in its July update addressing some 34 vulnerabilities in Windows and other software.
The software giant has had 22 critical vulnerabilities so far this year, all involving remote code execution.
MS13-054 appears to be the vulnerability that affects the most enterprise software tools.
"This security update resolves a privately reported vulnerability in Microsoft Windows, Microsoft Office, Microsoft Lync, and Microsoft Visual Studio. The vulnerability could allow remote code execution if a user views shared content that embeds TrueType font files," Microsoft said in its Security Bulletin MS13-054.
"This security update is rated Critical for all supported releases of Microsoft Windows and affected editions of Microsoft Lync 2010 and Microsoft Lync 2013. The security update is rated Important for affected releases of Microsoft Office and supported editions of Microsoft Visual Studio .NET 2003."
Microsoft called special attention to MS13-053, which fixes at least eight flaws in Windows' implementation of TrueType font files. These critical TrueType vulnerabilities exist in Windows XP, Vista, Windows 7 and Windows 8, and can be exploited to gain complete control over a vulnerable system by merely having the user visit a Web page that contains malicious TrueType content, Microsoft said.
"The most severe vulnerability could allow remote code execution if a user views shared content that embeds TrueType font files. An attacker who successfully exploited this vulnerability could take complete control of an affected system."
Adobe's Flash updates fix at least three critical bugs in the software, and are designed to prevent an attacker from taking control of a system.
"These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system," the company said in its security bulletin.
Updates are available for Windows, Mac, Linux and Android versions of Flash.
Adobe also released a new version of its Shockwave Player software that fixes at least one critical flaw, bringing the software to version 188.8.131.52 on Windows and Mac systems.