If there is one day of the month you should really focus on software patching, this is the day. The second Tuesday of the month is both Microsoft and Adobe patch day. If you run a Windows shop, or you use Adobe products on any platform, it’s time for you to get patching!
As they promised, Microsoft released seven bulletins today to fix a wide range of security vulnerabilities in a number of their products, including:
- Windows and its components,
- Office (Word),
- Internet Explorer (IE),
- and Lync Server.
Microsoft rates two of the bulletins as Critical.
The big news here is the major Internet Explorer (IE) update. Not only does it fix a zero day vulnerability I discussed a few weeks ago, but it corrects a whooping total of 59 security flaws in the popular web browser. If you have Windows computers in your network, you need to patch IE immediately. The second Critical update fixes a Windows graphics component (GDI+) flaw, which attackers can leverage simply by tricking your users into viewing maliciously crafted images.
In short, if you use any of the affected Microsoft products, you should download, test, and deploy these updates as quickly as you can or you can also let Windows’ Automatic Update do it for you. You can find more information about these bulletins and updates in Microsoft’s June Summary advisory.
Adobe’s Patch Day, on the other hand, seems a bit lighter than Microsoft’s. They only released one security update fixing six security flaws in Flash Player. That said, the update fixes some pretty serious vulnerabilities that attackers could exploit just by enticing you to the wrong web site. Be sure to update Flash as well.
I’ll share more details about today’s patches on the blog throughout the day, so stay tuned. — Corey Nachreiner, CISSP (@SecAdept).