security updates


Adobe has released security updates for Adobe Flash Player for all platforms. Adobe Flash Player 11.5.502.149 security update is released for Windows and Macintosh, Adobe Flash Player for Linux, Adobe Flash Player for Android 4.x, and Adobe Flash Player for Android 3.x and 2.x are released. Security update for Windows and Macintosh addressed issues which are rated critical by Adobe. For all supported platforms, these updates addresses vulnerabilities referred as CVE-2013-0633, CVE-2013-0634 (details later). These vulnerabilities could potentially allow an attacker to take control of the affected computer system and may cause a crash.

Out of the two vulnerabilities discovered in Adobe Flash Player, Adobe reports that CVE-2013-0633 is being exploited in the wild. It is a targeted attack designed to trick a user to open a Microsoft Word document. The document is sent via email and has malicious Flash (SWF) content. It targets the ActiveX version of Flash Player on Windows. Similarly, Adobe reports that CVE-2013-0634 is also being exploited in the wild. The attacks targeting this vulnerability is delivered via malicious Flash (SWF) content hosted on websites that target Flash Player in Firefox or Safari on the Macintosh platform. It can also affect Windows users in similar way as CVE-2013-0633.

Microsoft has released Security Bulletins for January 2013. This is the first “Patch Tuesday” of 2013 and as we do every month, bringing you details of the security bulletins that get released, along with details of how you should deploy the security bulletins. For Patch Tuesday of January 2013, Microsoft has released seven security bulletins. Out of the seven bulletins, two are rated critical, the maximum severity rating, the rest five bulletins are rated as important, which is the next highest possible severity rating. Six of the seven security bulletins fix issues in Windows operating system, two security bulletins fix issues in the .Net Framework and Microsoft Server Software, and the one left fixes issues in Microsoft Office and Developer Tools.

For this month’s (October 2012) Patch Tuesday, Microsoft has released a total of seven patches to fix one critical and six important issues found in Windows, Office and some of its other products. If you have set Windows to automatically receive updates, Windows Update must have automatically installed the recommended updates.

“MS12-064 (Microsoft Word): This security update resolves two issues in Microsoft Office. This bulletin has a severity rating of Critical and can result in remote code execution. Only one of the two issues addressed by this bulletin is rated Critical, but in that case, an attacker could run code in the context of the logged-on user if they were to open a specially crafted Rich Text Format (RTF) file or previews or open a specially crafted RTF email message,” a Microsoft statement reads.

Microsoft has issued nine security bulletins as advanced bulletin notification for July 2012 Patch Tuesday. The nine security bulletins fixes 16 issues in the Windows operating system, Internet Explorer, Visual Basic for Applications, and Microsoft Office.

Out of the nine security bulletins of July 2012 Patch Tuesday, Microsoft has rated three of the security bulletins; MS12-043 (Microsoft XML Core Services), MS12-045 (Microsoft Data Access Components ), MS12-044 (Internet Explorer), as critical. The remaining six, MS12-046, MS12-048, MS12-047, MS12-049, MS12-050 and MS12-051 as important. Almost all the patches except one will need a system restart.

Microsoft on April 10, 2012 ends Mainstream support for Windows Vista as well as Office 2007. Extended support for both Windows XP and Office 2003 ends in two years on April 8, 2014.

According to Microsoft Support Lifecycle policy, Microsoft will offer a minimum of 10 year support for Business, Developer and Desktop Operating System products. The Redmond software giant further divides this 10 years of support in two stages: “Mainstream Support” and “Extended Support.”

Microsoft on Tuesday delivered the third and last service pack for Microsoft Office 2007 suite and SharePoint 2007.

The service pack includes all public updates, security updates, hot fixes and other updates that were released for Office 2007 through September 2011. According to Microsoft, SP3 also includes “general product fixes and improvements in stability, performance and security.”

Microsoft will retire Office 2007 suite from mainstream support on April 10, 2012. Microsoft will than supply security updates only during a five-year extended support phrase until April 11, 2017. Microsoft will halt all security updates to SP2 after a year from now.

Microsoft, on Tuesday, released Office 2010 Service Pack 1.

As expected, Microsoft released the first Service Pack (SP1) for Office 2010 productivity suite at the end of June. Office 2010 SP1 includes all previously released updates, in addition to several new updates. Which improves overall security, performance, and stability of the suite.

SP1 will be available through Windows Update, as a manual download from the Download Center and from Microsoft Update. Microsoft plans to push the update to Automatic Updates within 90 days. The software giant has released SP1 for all 40 language versions of Office 2010. Products that will get fixes and updates include Office 2010, Project 2010, Visio 2010, Office 2010 servers, Office Web Apps, Search Server 2010, SharePoint 2010 Products and FAST Search Server 2010 for SharePoint.

Microsoft has announced on Monday that they are going to release Office 2010 Service Pack 1 by the end of June. SP1 releases for both Office client suites and SharePoint server products will be made available is now available now.

The software giant plans to discuss about Office 2010 SP1 at length during TechEd North America this week. Microsoft will detail its schedule plans and more details around the SP1 release, including the plans for language version updates, though it is mentioned in the blog post that, “All language versions of SP1 will release simultaneously.”

Opera 10.51 is released today and is a highly recommended update by the Opera team. This release addresses a couple of security issues, as well as various stability improvements and other bug fixes. According to the official change log, the two security vulnerabilities found in Opera 10.50 have been patched. Opera 10.51 fixes “an issue where the HTTP Content-Length header could be used to execute arbitrary code; an issue where XSLT could be used to retrieve random contents of unrelated documents”.

This update also improves the stability of the browser. A lot of Bugs are fixed in this update which spans across multiple components of the Opera web browser. This includes the user interface, mail, news and chat components, display and scripting, networking features. Numerous improvements have been done to the JavaScript engine “Carakan” which improves performance. However even after this long list of Bug fixes, Opera Software considers Opera 10.51 as an important security release only.