Patch Tuesday for March 2014 happens on March 11. Microsoft currently plans to publish five new bulletins and associated patches starting at 10am PST on that date. The patches will address vulnerabilities in Windows, Internet Explorer, and Silverlight. Two of the patches are flagged as Critical.
One of the patches will fix the Internet Explorer vulnerability recently reported here.
Another update for Chrome was announced yesterday by Google.
The new version includes 19 security fixes, along with fixes for some other bugs and stability issues.
Adobe will no longer test Flash on Windows XP after the next quarterly update. You can continue to use Flash on Windows XP after that, but it will become increasingly risky, especially if it’s enabled in your web browser. This is yet another nail in the coffin for Windows XP.
Version 33.0.1750.117 of Google’s web browser contains a whopping 28 fixes for security vulnerabilities. Anyone using Chrome should make sure that it has updated itself to the new version.
On February 20, Adobe announced a new version of Flash that addresses critical security vulnerabilities. Security bulletin apsb14-07 describes the vulnerabilities.
We strongly recommend upgrading to this new version of Flash (12.0.0.70) as soon as possible, especially if you have Flash enabled in a web browser and you use that web browser for web surfing.
As usual, Google Chrome will update itself to the latest version of Chrome, and Internet Explorer 10 and 11 will be updated to the latest Flash by way of Windows Update.
There was another stealth release of Firefox on February 13. It’s not clear from the release notes exactly what’s different in version 27.0.1, aside from two minor Javascript fixes. No security vulnerabilities are listed as fixed in this version.
A new version of the WebKit-based Opera web browser was announced today. Apparently the only change is some improvement to stability.
It’s the second Tuesday in February 2014, so it’s time to patch your Windows computers. Originally there were only going to be five bulletins this month, but two more were added late. The updates fix security vulnerabilities in Internet Explorer, Windows and .NET. Four of the updates are flagged as Critical.
The summary bulletin has all the technical details, and Dustin Childs has posted a friendlier summary over at the MSRC blog.
As usual, a SANS ISC Diary post provides a security-focused interpretation of the month’s updates, with its own recommendations, as well as useful references (CVE identifiers) to the specific vulnerabilities addressed.
Assorted rumours and leaks about the upcoming ‘Patch 1’ for Windows 8.1 are starting to coalesce into a solid picture of the update:
Followup 2014Mar17: Peter Bright over at Ars Technica looked at a leaked version of the upcoming Windows 8.1 update, and posted his observations. Although Microsoft seems to have made progress in reducing the memory requirements of Windows 8.x (allowing it to actually run on many mobile devices), he’s unconvinced that the user interface changes will placate desktop users. Case in point: there’s still no Start menu.
Tuesday, February 11 will see five bulletins and associated patches from Microsoft. According to the advance notification, the patches will affect Windows, .NET and security software.
As usual, Dustin Childs posted an overview of this month’s patches over at the MSRC blog.
boot13