Category Archives: Patches and updates

Flash Player 11.9.900.170 fixes two vulnerabilities

Adobe has released a new version of its ubiquitous Flash Player. Version 11.9.900.170 includes fixes for two security vulnerabilities, as well as some other bug fixes.

As usual, Flash in Internet Explorer 10 on Windows 8.x will be updated separately, by way of Microsoft Update. Google Chrome will also get the new version of Flash via its own internal update mechanism.

Patch Tuesday for December 2013

Yesterday being the second Tuesday in December, another batch of updates was made available by Microsoft. This month there are eleven updates, affecting Windows, Internet Explorer, GDI+ and various server software. Five of the updates are flagged as Critical.

The official Security Bulletin Summary has all the technical details. As usual, there’s a somewhat less technical explanation of this month’s updates over at the MSRC blog. The MSRC post is worth reading, if only for the explanation of the difference between a security advisory and a security bulletin. The short version is that a bulletin is always associated with an update, whereas an advisory usually isn’t.

Firefox 25.0.1 released

Another stealth release of Firefox happened on November 15. Version 25.0.1 apparently fixes some security vulnerabilities and other bugs. With the total lack of any kind of announcement for this release, and the way the release notes include changes in previous releases, it’s difficult to be certain what’s new in this version. For instance, the version 25.0.1 release notes point to the ‘Known vulnerabilities‘ page, but there’s nothing listed there that’s specific to version 25.0.1. The release notes for 25.0.1 also point to Bugzilla (‘complete list of changes‘), but the list of fixed bugs shows everything for version 25, and nothing specific to version 25.0.1. What a mess.

Update 2013Nov23: EWeek has more information about the security vulnerabilities fixed in Firefox 25.0.1 (even if Mozilla doesn’t).

Patch Tuesday for November 2013

It’s the second Tuesday of November, which means it’s time to update all your Windows computers. This month’s announcement lists eight bulletins, affecting Windows, Office, and Internet Explorer.

A patch for the recently-reported vulnerability in Internet Explorer will also be made available later today, according to Microsoft. It will appear in the November 2013 Patch Tuesday announcement as bulletin #3 (MS13-090).

For the full technical details on this month’s updates, see the related post on the Microsoft Security Response Center blog.