Wednesday, March 9, 2011

More on Patch Tuesday ... including iTunes, Flash, and Shockwave updates

A SysAdmin's work is never done.  Brian Krebs has a good write-up on this week's need for patches:

Patch Tuesday, Etc. — Krebs on Security
Microsoft has issued security updates to fix at least four security holes in its Windows operating system and other software. Not exactly a fat Patch Tuesday from Microsoft, but depending on how agile you are in updating third-party applications like Flash, iTunes and Shockwave, you may have some additional patching to do.

One of the updates from Microsoft earned a “critical” rating, meaning Redmond believes it could be exploited to break into vulnerable systems with little to no help from users. That flaw, a bug in the way Windows Media Player and Media Center process certain types of media files, could be leveraged by convincing a user to open a tainted video file. This flaw affects Windows XP, Vista and Windows 7.

Microsoft has more details on and links to the other two patches — rated “important” — at its Security Response Center blog. The updates are available through Windows Update or via Automatic Update. The software giant chose not to address an Internet Explorer vulnerability that hackers have been exploiting since late January, although the company has issued a stopgap “FixIt” tool for that flaw.

In other news, Apple has released an update to iTunes that corrects more than 50 security vulnerabilities in the Windows version of this software. That patch bundle is available from Apple Downloads or via the Apple Software Update program that now comes bundled with iTunes and other Apple software for Windows.

I’m a bit behind in reporting on important updates to Adobe’s Flash and Shockwave players that fix a load of problems with these widely-installed software packages. The Flash update bumps the player up to version, and plugs at least 13 security holes on both Windows and Mac installations. To check which version you have installed, visit this page: There is a decent chance that Adobe’s built-in updater has already prompted you to update this program. If your version is lower than 10.2.152.[32], it’s time to update.

No comments: