Microsoft and Adobe released software updates on Tuesday, fixing critical security flaws in their products.
Microsoft's most critical patch, according to researchers, fixes a vulnerability in Internet Explorer for which exploit code has already been publicly released. The fix comes out about two weeks after information about the issue was released publicly, said Andrew Storms, director of security operations for nCircle.
The patch for Microsoft's browser closes four other security holes in the software, according to the advisory. In addition, the five other patches in Microsoft's regularly scheduled update fixed seven other vulnerabilities, none as serious as the IE flaw, Storms said.
"Beyond IE, this list is really a mash-up of random fixes," Storms said in a statement. "There is nothing extremely dangerous once you get past (the) IE (bug)."
Adobe also released a critical update on Tuesday for its Flash Player to fix seven security issues in the ubiquitous software, and an update to AIR, the company's application framework. While both patches are considered critical, the Flash player is the most significant flaw, said Ben Greenbaum, senior research manager, Symantec Security Response.
"Though both of Adobes updates are critical, the Flash Player update should be applied immediately by all users," Greenbaum said in a statement. "Flash is used so commonly that it should definitely be a high priority."
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos