Microsoft released bulletins to close eight security holes in its products and Adobe published versions 10.1.2 and 9.5 of its Acrobat and Reader products for Windows and Mac OS X.
For Microsoft, the bulletins covered vulnerabilities – in Windows Media, Windows Packager and Windows Object Manager – which the company rates as critical. Attackers could exploit the bugs to inject and execute malicious code on a victim’s system via a specially crafted file. However, Windows 7 is not affected by the problem in Windows Media.
In addition, the company finally released an update for Internet Explorer to fix the vulnerability in the SSL3.0/TLS1.0 protocol that has been out there since September. The related attack, known as BEAST (Browser Exploit Against SSL/TLS), allows attackers to decrypt cookies transmitted in encrypted form and use them for unauthorized web page logins. Microsoft had planned to publish this update in December but later delayed the release due to compatibility issues with third party products.
Meanwhile, Adobe published versions 10.1.2 and 9.5 of its Acrobat and Reader products for Windows and Mac OS X. The updates fix critical vulnerabilities that an attacker could use to cause the application to crash and potentially take control of an affected system.
Versions 10.1.1 and 9.4.7 and earlier of Acrobat and Reader are suffer from the issue; all users should upgrade.