We are still seeing a large number of computers that are compromised due to outdated versions of Java (some still running Java 6) and Adobe products (Flash Player and Reader). Your computer should be your next-to-last line of defense (the user at the console is the last line of defense) and needs to be properly secured against known threats. The best way to do this is to make sure that you’ve got the latest software updates, especially the Microsoft, Adobe and Java updates. Below is a brief list of the updates for November with links to their home sites with more information.
Microsoft
On the Microsoft side, the November Patch Tuesday will include 6 bulletins, 4 listed as critical, one listed as important and 1 listed as moderate. All of the bulletins listed as critical can allow remote code execution as well as the one listed as important. The bulletin listed as moderate can allow information disclosure. Vulnerabilities address issues in Windows, .NET, Office and Internet Explorer. Multiple reboots are required for these updates. Additional details are available from Microsoft here.
Adobe
The latest updates from Adobe address significant vulnerabilities in Adobe Flash Player. I have not seen any ‘official’ confirmation in the vulnerability in Acrobat that we noted yesterday. Additional details are available from Adobe here.
Java
As of right now, Oracle has been relatively quiet (they are still the #1 target, but I don’t know of any new vulnerabilities that have been disclosed since my last post on the topic). Java downloads are available here.
Misc
There have been significant vulnerabilities disclosed in Quicktime v7.7.3 and Cisco Secure Access Control Systems (ACS).
Monthly Update Clients
* If you are not currently taking advantage of our monthly update service and would like more information or to sign up, additional information is available here
For our Monthly Update clients, if a date and time hasn’t already been scheduled to install your updates, we will be contacting you shortly to schedule. If you aren’t already taking advantage of our monthly update service, there’s no time like the present to get started. We offer a monthly update service to keep all of your computers up-to-date for a low monthly fixed price with no long-term committment. Additional information is available on our website.