Microsoft and Adobe plan a tag team assault on computer administrators and users next Tuesday, when they intend to release a pile of Critical security updates. If you manage Windows PCs, you use at least two of the vulnerable products, and likely many more. So I recommend you gear up for a day of software updates next week.
Let’s start with Microsoft’s Patch Day.
Microsoft hasn’t shared the details about these flaws with the public yet, but it is safe to say you should apply the Critical updates as soon as possible — especially the server related ones. Critical vulnerabilities tend to allow remote attackers to gain full control of your computer, which is bad, to say the least.
Also, during last week’s WatchGuard Security Week in Review episode I mentioned an unpatched vulnerability in Microsoft Exchange, related to its use of Oracle’s Outside In technology. I’d guess next Tuesday’s Exchange patch will probably fix this vulnerability. In short, if you manage a Windows network, prepare your team for a busy day of patching next week.
But that’s not all folks…
Since most computer users (Mac and PC users alike) install Reader, these issues will probably affect many people. Furthermore, attackers have been leveraging flaws in PDF documents in many of their spear phishing attacks lately, since many users still consider these documents as benign. If you use these popular Adobe products, plan to patch post haste.
I’ll know more about these bulletins on Tuesday, and will publish alerts about them here. — Corey Nachreiner, CISSP