Critical Security Fixes from Adobe, Microsoft

JMH

JMH

Emeritus, Contributor
Joined
Apr 2, 2012
Posts
7,197
Adobe and Microsoft each issued security updates today to fix critical vulnerabilities in their software. Adobe’s fixes include a patch for a Flash Player flaw that is actively being exploited to break into Windows computers. Microsoft’s Patch Tuesday release includes nine patch bundles — more than half of them rated critical — addressing at least 27 security holes in Windows and related software.

The most pressing of the updates Adobe released today is the Flash Player patch, which fixes a critical flaw (CVE-2012-1535) in the ubiquitous media player software. Adobe says there are reports that the vulnerability is being exploited in the wild in limited targeted attacks, distributed through a malicious Microsoft Word document. The exploit targets the ActiveX version of Flash Player for Internet Explorer on Windows.
Click to expand...

http://krebsonsecurity.com/2012/08/...ign=Feed:+KrebsOnSecurity+(Krebs+on+Security)

Similar...

http://www.itworld.com/security/289718/microsoft-patches-critical-security-holes-windows-office-ie
 
Microsoft has resolved the problem with KB26477353. There is a newer (rev 101) version on the release channel now. If you have the "failed" install, all you need to do is check for updates and the new version will be provided. If you haven't updated yet, you'll receive the new version.
 
Thanks for the follow-up, Corrine. Good to see MSFT got to grips with it quickly.

For my part, I rarely install any updates so soon after release ;)
 
A couple of Consumer Security MVPs reported the issue on a private mail list. Someone from the Microsoft Windows Update Team reviewed their logs, saw the problem (not with the update but rather a WU logic issue).
 
Unfortunately, yeah.. was is the correct word. Still dealing with Flash crashing almost every single day at least once. I could easily rollback to 11.1 or 11.2, but that would sort of defeat the purpose of a Flash update as it patches vulnerabilities. The part that annoys me the most about it is it has made by display driver crash twice so far since updating it. It's good that it has recovered every time and I haven't gotten a 116, but it's still relatively annoying.

:(

Update needs to come soon..
 
As far as I can tell, the only post 10.3 Flash security fix is for IE; you could uninstall all and install the latest 10.3 plugin and the 11.3.300.271 ActiveX component (I'm tempted to do this if .271 gives me the same plugin bugs that .270 does).
 
The critical update to Adobe Flash Player was not based on browser, but rather operating system. As you can see from Adobe Flash Player Distribution, the plug-in version was also updated. Thus, if a non-IE browser is used, I recommend updating that as well.
 
Adobe has released security updates for Adobe Flash Player 11.3.300.270 and earlier versions for Windows, Macintosh and Linux. These updates address a vulnerability (CVE-2012-1535) that could cause the application to crash and potentially allow an attacker to take control of the affected system.

There are reports that the vulnerability is being exploited in the wild in limited targeted attacks, distributed through a malicious Word document. The exploit targets the ActiveX version of Flash Player for Internet Explorer on Windows.

Adobe recommends users update their product installations to the latest versions:
Click to expand...
http://www.adobe.com/support/security/bulletins/apsb12-18.html
 

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top