boot13A new version of Adobe’s Reader software was made available yesterday. Version 11.0.06 includes fixes for several security vulnerabilities. All the details are available in the new version’s release notes.
Flash version 12 released
Yesterday, Adobe announced new 12-series versions of the Flash player for various environments and browsers:
- Internet Explorer 10 on Windows 8 (via Windows Update): 12.0.0.38
- Internet Explorer 11 on Windows 8.1: 12.0.0.38
- Other versions of Internet Explorer: 12.0.0.38
- Google Chrome (self-updating): 12.0.0.41
- All other browsers on Windows: 12.0.0.43
You can get the new version from the main Flash download site.
Flash 12 includes some new features and enhancements, as well as fixes for several security vulnerabilities.
Patch Tuesday for January 2014
It’s a light month for Microsoft patches, with only four bulletins, none of which are flagged as Critical. The updates fix vulnerabilities in Office, Windows, and Server software.
Patches for the Windows XP NDProxy vulnerability and Office on Vista are among those made available today.
A post on the ISC Diary blog over at SANS has a useful overview of the vulnerabilities associated with this month’s patches.
As usual, the MSRC blog has its own spin on this month’s patches.
Updates for Adobe Reader on Patch Tuesday
Not wanting to be left out of the party next Tuesday, Adobe has announced that they will issue patches for Acrobat and Reader on January 14.
According to the bulletin, “These updates address critical vulnerabilities in the software.“
Latest SANS Ouch! newsletter: securing your home network
This month’s Ouch! newsletter (PDF) from SANS covers the basics of securing your home wireless network. There’s not much here for experienced professionals, but if you’re not sure whether your home wireless network is secure, this is a good place to start.
Oracle announces upcoming patches for Java
Oracle will issue another massive batch of updates for its products in its next Critical Patch Update, on January 14. From the pre-release announcement:
This Critical Patch Update contains 36 new security fixes for Oracle Java SE. 34 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.
Advance notification for January Patch Tuesday
Microsoft has issued its usual notification of the upcoming Patch Tuesday. This month’s updates will become available around 10am PST on January 14. There will be four bulletins, addressing issues in Windows, Office and Server software. The NDProxy vulnerability affecting Windows XP will be patched via bulletin MS14-002. The MSRC blog has additional details.
No more updates for Security Essentials on Windows XP after April 8
Update 2014Jan16: Microsoft must have decided it could use some positive press, because they just decided to extend Security Essentials support on Windows XP until July 14, 2015.
Microsoft has confirmed that they will stop issuing updates for its anti-malware software Security Essentials on Windows XP systems after support for Windows XP expires on April 8, 2014.
While I’m sure this comes as no surprise to anyone, since Microsoft will no longer be issuing any patches for Windows XP past April 8, it’s an important consideration for anyone who plans to run Windows XP after that date. Anyone doing so should also stop using Security Essentials and install anti-malware software that will continue to receive updates.
Free alternatives to Security Essentials
If you needed another reason not to visit yahoo.com…
Advertisements containing malware started appearing on yahoo.com on December 30, 2013 – or possibly even earlier. Anyone visiting the site with a browser running an unpatched version of Java risked infecting their computer. If that includes you, a full malware scan of the computer you used should be your next task. One of the following (or both) should do the trick:
Opera 18.0.1284.68 released
In fact, two new versions of the Webkit-based Opera browser were released recently. I missed both of them because Opera moved their announcement blog to blogs.opera.com/desktop.
Version 18.0.1284.63 was released on December 6. It includes fixes for GMail compatibility issues.
Version 18.0.1284.68 was released on December 16. It fixes several crashing issues.