Tuesday was patch Tuesday and it seems some major players are issuing some critical or important offerings
Microsoft will release 16 security bulletins today. The company rates nine of the bulletins as critical; the remaining seven are considered to be “Important”. The bulletins will patch 34 vulnerabilities in its products, Microsoft said.
In a post on its Security Response Center blog, Microsoft said these also include issues related to “cookiejacking” – last month Security researcher Rosario Volotta discovered a zero-day hole in all versions of Internet Explorer that allows an attacker to steal cookies from a user’s machine and access web sites that the user has previously logged into. Microsoft says that the updates for IE will address one of the known vectors to the cookie folder.
Affected products include Internet Explorer 6, 7, 8 and 9; Windows XP, Vista, Windows 7, Server 2003 and 2008; Office XP, 2003, 2007 and 2010; and Office for Mac 2004, 2008 and 2011. Excel Viewer; Sharepoint Services 3.0; Open XML File Format Converter for Mac; Silverlight 4; Visual Studio 2005, 2008 and 2010; Forefront Threat Management Gateway 2010 Client; SQL Server 2005 and 2008; and InfoPath 2007 and 2010 will also receive updates.
Meanwhile, Adobe is at it again as they will patch holes in its Reader and Acrobat products. The company said the updates will close several critical vulnerabilities. Adobe Reader X for Windows (version 10.0.1) and Mac OS X (version 10.0.3), Reader 9.4.3, and Acrobat X 10.0.3 and 9.4.3 are all suffering vulnerabilities.
The company released updates for its Flash Player last week. The update addressed a zero-day “universal” cross-site scripting vulnerability that could take actions on a user’s behalf on any web site or web mail provider once the user had visited a malicious site. At that point Adobe was still investigating whether Acrobat Reader and its embedded Flash Player were vulnerable.