Yes, it’s that time again. Time to update all your Windows computers, or at any rate helplessly watch as auto-update randomly siphons away your computer’s resources at the most inopportune times.
This month’s crop of updates includes a total of seven bulletins, which address vulnerabilities in Internet Explorer, Outlook, Visio, Silverlight, SharePoint, OneNote and Windows driver technologies.
This month’s bulletins:
MS13-021 – Critical : Cumulative Security Update for Internet Explorer (2809289)
MS13-022 – Critical : Vulnerability in Silverlight Could Allow Remote Code Execution (2814124)
MS13-023 – Critical : Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2801261)
MS13-024 – Critical : Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2780176)
MS13-025 – Important : Vulnerability in Microsoft OneNote Could Allow Information Disclosure (2816264)
MS13-026 – Important : Vulnerability in Office Outlook for Mac Could Allow Information Disclosure (2813682)
MS13-027 – Important : Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege (2807986)
If you can’t get enough about these patches, there’s more technical stuff over at the MSRC blog.
March 12th will see a new batch of updates for Windows, Office, Internet Explorer and other Microsoft software. This month there will be seven bulletins, four flagged as Critical.
Patches will become available at around 10am PDT on March 12. PCs configured for auto-updates will see the patches during the following day or so.
Mozilla released a new version of Firefox today. Version 19.0.2 fixes one security vulnerability.
As usual, the release notes and complete list of changes for this release are a mixture of old and new information, making the job of figuring out what has actually changed needlessly difficult.
And just like that, another new version of Java. Version 7 update 17 (what happened to update 16?) includes fixes for some serious security vulnerabilities, as outlined in the associated security alert.
You’ll forgive me for not trusting Oracle’s word on whether any particular vulnerability has truly been fixed. I’ll defer to Adam Gowdiak and other security researchers for the final judgment. Certainly 7u17 is the latest version of Java, and it presumably fixes some of the holes in 7u15, so anyone using Java – especially in their browser – should install it ASAP. But I’m going to leave Java 7u17 flagged as possibly vulnerable.
Another new version of Google’s web browser was announced today. Version 25.0.1364.152 includes fixes for several security vulnerabilities.
Since Flash isn’t mentioned in the release notes, presumably the version of Flash included in the new version is still 11.6.602.171. Let’s see… okay, I just updated Chrome to 25.0.1364.152, and the integrated Flash is definitely still 11.6.602.171.
On February 26, Adobe announced version 11.6.602.171 of the Flash player. As usual, Adobe says: “These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.” The technical details are available in Adobe Security Bulletin APSB13-08.
Microsoft simultaneously announced a Flash update for Internet Explorer 10 on Windows 8, which will be delivered via Windows Update.
Google will no doubt release a new version of Chrome that includes the Flash updates in the next day or so.
Anyone who uses Flash in their web browser should install the appropriate update as soon as possible. That includes anyone who uses Youtube. So basically just about everyone.
No mention of Java is made in the announcement linked above, but presumably the most recent Java security fixes found their way into this Chrome release.
As expected, Adobe has announced updates for its Reader and Acrobat software to address recently-revealed security vulnerabilities. The full technical details are available in the related security bulletin.
Oracle/Sun has released Java version 7, update 15. What happened to update 14? Anyway, the new version includes a batch of security and other bugfixes they wanted to release with the last batch, and which were originally scheduled for release today. Confused yet?
Since the new version is all about fixing the rather horrible Java security vulnerabilities that have been revealed in recent weeks, you should go ahead and install the update, if you use Java. If you don’t use it, pat yourself on the back and count yourself lucky.
If you read the announcement linked above, you’ll notice that once again, determining the version being discussed is left as an exercise for the reader, since the version (7u15) is not mentioned anywhere on the page. There are plenty of references to the versions being replaced, which only adds to the confusion. Annoying.
Rants and musings on topics of interest. Sometimes about Windows, Linux, security and cool software.
Close
Ad-blocker not detected
Consider installing a browser extension that blocks ads and other malicious scripts in your browser to protect your privacy and security. Learn more.