The second Tuesday of the month has come and gone, which means that Microsoft and Adobe have a whole new round of security patches for their most popular products. With critical fixes now having been pushed out by both companies, anyone who uses Windows or Flash Player should download the patches sooner rather than later.
Microsoft and Adobe detailed the new fixes they delivered yesterday, and even if you're not interested in the inner workings of their security mechanisms, you should still take some time today and grab them. Microsoft's vulnerabilities were all related to the Windows operating system (i.e., no applications this time), while Adobe's patches targeted its Flash player and AIR platform.
For Microsoft's Patch Tuesday, it identified one Critical vulnerability and seven Important vulnerabilities in consumer versions of Windows. A flaw rated Important is the second-highest level of concern at Microsoft.
The only first-rate, Critical, flaw was found in the Telnet client for Windows, and could let a malefactor take control of a computer without warning. Telnet, a decades-old protocol by which users (and computers) communicate via plain text, is no longer installed by default on most Windows systems, but could still pose a threat to those who use Windows for enterprise applications.
Important flaws can hijack a user's system, but they first give a warning or prompt of some kind, letting savvy users avoid them entirely. The vulnerabilities in question for this month could have allowed remote code execution or privilege escalation, allowing distant hackers to seize control of computers and monitor — or change — the data therein.
In all cases, Windows users can download the patches by running Windows Update. Those who've set Windows Update to download and install patches automatically may be prompted to restart their PCs.
Likewise, Adobe's Flash vulnerabilities could have allowed remote code execution, although the company does not specify exactly how. Patching Flash Player and AIR is a little more complicated, depending on your use environment, operating system and browser, but there are detailed instructions on the Adobe website. Flash player updates often come as part of your Internet browser, and you can download most AIR updates directly from Adobe.
One interesting thing about this Patch Tuesday is that it marks the first time Microsoft has not told its customers, except those who paid for a subscription service, what it would be patching in advance. In the future, Microsoft will likely continue this practice, hoping that security researchers will trust whatever it puts out rather than having the resources to investigate flaws for themselves.
For everyday users, however, the process is the same as always: Keep up to date with patches, and hope against hope that no one ever finds a way to exploit one of the flaws in the wild.