Note that if you use Firefox or Chrome or Safari on Windows, you need to patch Flash twice, once for Internet Explorer and once for your other browsers.
Critical Updates for Windows, Flash Player — Krebs on Security
Microsoft issued a record number of software updates today, releasing 14 update bundles to plug at least 34 security holes in its Windows operating system and other software. More than a third of flaws earned a “critical” severity rating, Microsoft’s most serious. Separately, Adobe released an update for its Flash Player that fixes a half-dozen security bugs.
... The software giant also urged customers to quickly deploy a patch that fixes at least four vulnerabilities in Microsoft Office, the most severe of which could lead to users infecting their PCs with malware simply by opening or viewing a specially-crafted e-mail.
More details on the rest of this month’s updates are available here. Just a quick note about this patch batch for consumers: It might not hurt to wait a day or two before applying the Microsoft updates. Given the sheer number of vulnerabilities addressed in this release, there is a good chance that one or more of them may turn out to cause problems for some customers. Also, there don’t appear to be any online threats actively exploiting any of these flaws at the moment.
In other news, Adobe released a patch for its ubiquitous Flash Player that fixes at least six flaws in Flash. The newest version brings Flash to v. 10.1.82.76. If you’d like to know what version of Flash you are currently using, browse to this link.
SANS: August 2010 Microsoft Black Tuesday Summary
Overview of the Aug 2010 Microsoft Patches and their status.
Update: Microsoft also released an advisory for an unpatched privilege escalation vulnerability
Update 2: Exploit code apparently exists for MS10-048, but it is not being seen in the wild at present.
US-CERT Current Activity: Microsoft Releases August Security Bulletin
added August 10, 2010 at 01:25 pm
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, Office, and Silverlight as part of the Microsoft Security Bulletin Summary for August 2010. These vulnerabilities may allow an attacker to execute arbitrary code or operate with elevated privileges.
US-CERT encourages users and administrators to review the bulletins and follow best-practice security policies to determine which updates should be applied.
August 2010 Security Bulletin Release - The Microsoft Security Response Center (MSRC) - Site Home - TechNet Blogs
Hello all. As part of our usual cycle of monthly updates, today Microsoft is releasing 14 security bulletins, addressing 34 vulnerabilities. Eight of those bulletins have a Critical severity rating, and we consider four of those to be high-priority deployments:
This bulletin resolves a privately reported vulnerability in Microsoft's MPEG Layer-3 audio codecs. The vulnerability could allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a Web site. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.
This bulletin resolves a privately reported vulnerability in Cinepak Codec, which is used by Windows Media Player to support the .avi audiovisual format. The vulnerability could allow remote code execution if a user opens a specially crafted media file, or receives specially crafted streaming content from a Web site. An attacker who successfully exploited this vulnerability could gain the same user rights as the
This bulletin resolves four privately reported vulnerabilities in Microsoft Office. The most severe vulnerabilities could allow remote code execution if a user opens or previews a specially crafted RTF e-mail message. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Windows Vista and Windows 7 are less exploitable due to additional heap mitigation mechanisms in those operating systems.
This bulletin resolves two privately reported vulnerabilities, both of which could allow remote code execution, in Microsoft .NET Framework and
Currently none of the vulnerabilities addressed has been observed under exploit in the wild.