Patch Tuesday for September 2014

This month’s crop of updates from Microsoft includes four security bulletins, addressing 42 CVEs in Microsoft Windows, Internet Explorer, .NET Framework, and Lync Server. The update for Internet Explorer is Critical, and should be installed ASAP.

From Adobe, we get another new version of Flash, 15.0.0.152. The new version addresses memory leakage vulnerabilities that could be used to bypass memory address randomization (CVE-2014-0557), a security bypass vulnerability (CVE-2014-0554), a use-after-free vulnerability that could lead to code execution (CVE-2014-0553), memory corruption vulnerabilities that could lead to code execution (CVE-2014-0547, CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, CVE-2014-0552, CVE-2014-0555), a vulnerability that could be used to bypass the same origin policy (CVE-2014-0548), and a heap buffer overflow vulnerability that could lead to code execution (CVE-2014-0556, CVE-2014-0559). Anyone still using Flash, especially within a web browser, should update immediately.

Google Chrome and Internet Explorer on Windows 8.x will be updated automatically to include the new version of Flash.

About jrivett

Jeff Rivett has worked with and written about computers since the early 1980s. His first computer was an Apple II+, built by his father and heavily customized. Jeff's writing appeared in Computist Magazine in the 1980s, and he created and sold a game utility (Ultimaker 2, reviewed in the December 1983 Washington Apple Pi Journal) to international markets during the same period. Proceeds from writing, software sales, and contract programming gigs paid his way through university, earning him a Bachelor of Science (Computer Science) degree at UWO. Jeff went on to work as a programmer, sysadmin, and manager in various industries. There's more on the About page, and on the Jeff Rivett Consulting site.

Leave a Reply

Your email address will not be published. Required fields are marked *