Apple dominated the news yesterday (Sept. 10) with announcements of its new iPhones and the Apple Watch. But yesterday was also the first Tuesday of the month, or Patch Tuesday, when Microsoft releases security patches and updates for its computer software.
If that isn't exciting enough, software maker Adobe, which joined Microsoft's patch schedule last year, also released a slew of updates yesterday, including a critical patch for Adobe Flash Player. If you have automatic updates set up in Windows you shouldn't have to worry about the Microsoft updates, and some Web browsers automatically update Flash as well. If not, you'll want to install and run the updates from both companies.
Let's start with Microsoft. The company's updates this month are grouped into four bulletins: one rated "critical" (Microsoft's highest security rating) and three rated "important." The critical bulletin contains 37 patches for all supported versions of Internet Explorer on all supported versions of Windows, i.e. IE 6 through 11 on Windows Vista, 7, 8, 8.1, RT and RT 8.1 and on Windows Server 2003, 2008, 2008 R2 and 2012.
The most critical vulnerability would have let attackers seize control of an affected computer. The attackers would have to create a malicious Web page with code designed to exploit this specific flaw. If affected users visited this Web page with an unpatched version of Internet Explorer, the code would have exploited the vulnerability, giving attackers a foothold in the affected computer. Installing this bulletin will require users to restart their computers.
The second bulletin addresses a denial-of-service vulnerability in Microsoft's .NET Framework, a platform for developers to build Windows applications.
The third patches a flaw in the Windows Task Scheduler in Windows 8 and 8.1, and Windows Server 2012 and 2012 R2. Taken alone, the patched threat wasn't too serious; if criminals had access to a computer they could use this flaw to increase their privileges on that computer. Combined with a flaw like the one addressed by Bulletin 1, however, a criminal could use these two flaws to get total control over a Windows computer.
Finally, Bulletin 4 patches a flaw in Microsoft's Lync messaging service. It's a server-side update, however, so regular Windows PC owners won't have to worry about it.
A full breakdown of Microsoft's Patch Tuesday offerings is available from the company's Technet blog.
Now on to Adobe. The multimedia-software maker has patched its Adobe Flash Player and Adobe AIR software for Windows, Mac, Linux and Android. If you're on Windows or Mac, the version number should be 184.108.40.206. On Linux, it's 220.127.116.116. On a desktop, Adobe AIR should update to 18.104.22.168, and on Android to 22.214.171.124. The updates patch 12 different vulnerabilities in the software.
Adobe recommends that Windows and Mac users update Flash by going to the Adobe Flash Player Download Center. A lot of malware likes to disguise itself as fraudulent Adobe Flash Player updates in order to trick you into installing it, so it's always best to get your updates from a certified source.
Adobe Flash Player for Chrome and for Internet Explorer 10 and 11 should update automatically. If you use any other browsers, you may have to separately install the Flash Player update for that browser.
A full breakdown of Adobe's update specs is available from its website.
Jill Scharr is a staff writer for Tom's Guide, where she regularly covers security, 3D printing and video games.