STE WILLIAMS

Patch Tuesday January 2014

Jan
15

Patch TuesdayAs expected Microsoft delivered four patches today covering Windows XP, 2003, 7, 2008 R2, Word and Dynamics. All four patches are rated important, the first time in memory that none of the fixes were critical.

The Word fix applies to all Windows versions and could result in remote code execution (What’s this mean?). The operating system fixes will require a reboot.

Adobe also released fixes today for Acrobat and Reader X and XI. This first update of 2014 for Adobe fixes three remote code execution vulnerabilities and should be considered a critical update.

You can get the updates from the integrated updater tool or from http://get.adobe.com/reader.

The big one today is Oracle’s quarterly update which it calls Critical Patch Update January 2014. As Duck commented, it is a bundle of fixes covering 144 different vulnerabilities.

Many Oracle products are covered, I am only going to highlight the most common ones here. You can view the complete list on Oracle’s security page.

Java has been updated, as expected, fixing 36 vulnerabilities, 34 of which are remotely exploitable without authentication.

If you don’t need Java, please remove it. If you aren’t sure, remove it… You can always reinstall. If you must have it installed, be sure to apply this update immediately.

Oracle also patched 18 vulnerabilities in MySQL, 3 remotely exploitable and 9 vulnerabilities in VirtualBox, 4 of which are remotely exploitable.

As always, we advise you to update as soon as you are able.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/G22vCHppqsI/

Comments

Comments are closed.