Yesterday, Adobe announced a new version of Flash that includes fixes for several security holes in earlier versions. Anyone who uses Flash to view web-based video, which includes anyone who uses YouTube, should install the latest version of Flash as soon as possible.
The latest version of Flash for Windows is 11.5.502.110. Adobe also made available updates for older versions of Flash that address the same security vulnerabilities, but we recommend updating to the latest version.
A new version of Google Chrome, also announced yesterday, includes these security fixes. A similar patch for Internet Explorer 10 in Windows 8 was made available by Microsoft.
These updates resolve buffer overflow vulnerabilities that could lead to code execution, memory corruption vulnerabilities that could lead to code execution, and a security bypass vulnerability that could lead to code execution.
Another new version of Google’s web browser was announced today. Version 23.0.1271.64 contains some new features, as well as several bug and security fixes. A new version of Adobe Flash for Chrome, containing several security fixes, is also included.
A new version of the Opera web browser was announced recently. Version 12.10 includes integration improvements for both Windows and Mac.
Version 16.0.2 of Firefox fixes three critical security flaws in the previous version. Users are encouraged to upgrade as soon as possible.
With the pile of post-SP1 updates for Windows 7 growing and no end in sight (at least until 2020), Microsoft has decided to forsake IT workers by cancelling plans for SP2. This means that installing Windows 7 is going to become increasingly tedious: install Windows 7, install SP1, then install 100+ (and growing) patches.
Is this yet another attempt by Microsoft to get IT administrators to throw in the towel and upgrade to Windows 8? Maybe. Luckily, IT workers have plenty of tools available to create new, slipstreamed installation media for Windows 7. That means one unattended install for Windows 7, SP1 and all the updates available at the time the media was created. Microsoft stopped officially supporting slipstreaming in Vista and Windows 7, so the process is a bit more difficult, but it’s both possible and worth the effort.
Those of you running Windows 8 already should head over to Microsoft Update and install a new out-of-cycle patch for Adobe Flash in Internet Explorer 10.
Oracle has released updates for all of its Java packages. The updates include a variety of bug and security fixes across all the affected Java products.
You can download the Java Runtime Environment (JRE) or Java Developer Kit (JDK) appropriate for your computing environment from the Java downloads page.
Java browser plugins that are not updated as part of a JRE update will require separate updates, in some cases from the web browser developer (Chrome, Internet Explorer).
It is unclear whether these updates include fixes for the vulnerabilities reported in late September 2012. Update 2012-Oct-25: Apparently they do not, according to security researcher Adam Gowdiak.
Google encourages security researchers to discover security vulnerabilities in its web browser, Chrome. The recently-concluded Pwnium 2 contest revealed one new vulnerability. A $60,000 prize was awarded to its discoverer, and within hours, a new version of Chrome (22.0.1229.94) that addresses the vulnerability was released.
Despite the fact that Windows 8 has not yet started appearing on store shelves, Microsoft is releasing a set of updates for the new operating system. Since Windows 8’s RTM (release to manufacturing), several new issues have been discovered, and the updates are intended to address those issues.
Anyone testing or evaluating Windows 8 should install the updates, which are available through Microsoft Update.
Anyone buying a new computer with Windows 8 installed on it should check for and install any pending updates immediately after powering up the computer for the first time. Anyone installing Windows 8 after it is released to retail should also immediately check for and install any pending updates.
Another new version of the Firefox web browser was released today.
The release notes for version 16.0 describe all the most notable changes, while the bug fixes page for version 16.0 lists every change.