It’s that time again. This month there are eleven updates from Microsoft, with four of them flagged as Critical, affecting Windows, Internet Explorer, Office and .NET.

Adobe has once again come along for the monthly festivities, today releasing a new version of Flash. Version 17.0.0.169 fixes at least fourteen vulnerabilities in Flash, including one for which exploits have been observed in the wild.

So, time to get busy updating your systems… especially where you’re using Flash in a web browser.

Update 2015Apr19: One of this month’s Windows updates is causing problems for people running Oracle VirtualBox, a popular emulator. The problematic update is KB3045999, also referred to as MS15-038. There’s no word yet from Oracle or Microsoft regarding a fix. Uninstalling the update appears to work, but this is obviously a temporary solution.

It’s patch time again.

As expected, Adobe released updates for Reader/Acrobat, but they also issued updates for Flash. The new version of Reader/Acrobat is 11.0.10, and it addresses at least twenty vulnerabilities.

The latest version of Flash is 16.0.0.235 (on most platforms), and it fixes six vulnerabilities in previous versions. As usual, Google Chrome will update its own internal Flash, and Microsoft will offer Flash updates for Internet Explorer on Windows 8.x via Microsoft Update. Note that Adobe also released Flash 15.0.0.246, which apparently fixes the same issues in earlier versions of Flash 15.

Meanwhile, Microsoft today released seven bulletins and associated patches. The patches address vulnerabilities in Windows, Internet Explorer, and Office. There’s a useful summary on the MSRC blog.

Brian Krebs has additional details.

Yesterday Microsoft released fourteen updates, addressing 33 CVEs in Windows, Internet Explorer, Office, .NET, Internet Information Services, Remote Desktop Protocol, Active Directory Federation Services, Input Method Editor, and Kernel Mode Driver. Four of the updates are flagged as Critical. You can find all the details in the main bulletin.

Two of the expected sixteen updates (MS14-068 and MS14-075) were held back by Microsoft, with release dates for those updates now being shown as ‘Release date to be determined’.

In keeping with its new monthly update policy, Adobe released a new version of Flash yesterday. Flash 15.0.0.223 addresses several security vulnerabilities in previous versions.

Brian Krebs has additional analysis of these updates.

Update 2014Nov15: One of the updates in this batch addresses a serious vulnerability that exists on all versions of Windows. MS14-066 fixes a bug in the way secure connections are handled by the Microsoft secure channel (schannel) security component. Most of the focus has been on Windows servers, especially those running Microsoft’s web server software, Internet Information Services (IIS). However, according to some sources, any Windows computer that is configured to accept secure network connections is potentially vulnerable. Recommendation: if you’re running any Internet-facing service on a Windows computer, install this patch ASAP. Ars Technica has additional details.

Update 2014Nov15: Another of this month’s patches (MS14-064) addresses problems with a previous patch (MS14-060). McAfee has a detailed breakdown of the problems with MS14-060.

Update 2014Nov19: MS14-068 was released.

Update 2014Nov26: Apparently the MS14-066 update caused problems for some Windows servers. Microsoft added a workaround to the update bulletin that should resolve one of the problems, but has yet to acknowledge the performance problems reported in SQL Server and IIS. InfoWorld has additional details.