Three major software companies issued updates this week, with Microsoft fixing 31 vulnerabilities in its operating system and applications, Adobe patching more than a dozen issues in its document reader software, and Apple closing over 50 serious security holes in its Safari browser.
With ten patches, Microsoft fixed more than two dozen flaws, including ten vulnerabilities voided by a trio of patches. The flaws are rated Critical by Microsoft only for Office 2000 and rated Important for other versions of the productivity program. Perhaps the most serious vulnerabilities fixed by the software giant are seven security issues in the company's flagship browser, Internet Explorer 8, said Andrew Storms, director of security operations for network protection firm nCircle.
"Topping this month's moderately large release cycle from Microsoft is the critical IE update that affects even Microsoft's latest and most secure browser, IE 8," Storms said in a statement sent to SecurityFocus. "Client side, browser based vulnerabilities continue to top the charts for threats, so every user should put this patch at the top of their 'install immediately' list."
In its first quarterly patch, Adobe shuttered 13 security holes in Adobe Acrobat and Reader. The quarterly patch, which Adobe announced last month, is scheduled to fall on the same day as Microsoft's Patch Tuesday. Some of the flaws could allow an attacker to run code on the vulnerable system, while others appear to only be denial-of-service issues.
Adobe still needs to work out the kinks in its quarterly patch process, Storms said.
"While the scheduled release cycle for Adobe updates is a big improvement in helping enterprise security teams effectively manage resources, today's security bulletins are still missing information," Storms said in a statement. "Security managers need Adobe to step up and provide mitigation steps and more detail on both the bugs and the patches."
Apple rounded out the patch parade with an update, released on Monday, that fixed more than 50 flaws in its latest browser, Safari 4.
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos