October 2015 Security Updates Summary

Today is Update Tuesday and Microsoft made available 6 security bulletins to resolve 33 CVEs (defined). Further details are provided in their Security Bulletin Summary.

At the time of writing, this summary lists no known issues for these bulletins. Another useful source to monitor for any issues encountered with Microsoft security updates is the IT Pro Patch Tuesday blog.

Adobe have also issued updates for Adobe Acrobat DC, Acrobat XI, Acrobat X, Acrobat Reader DC and Adobe Reader addressing 56 CVEs within these products. These vulnerabilities have been classified as critical but have been assigned Priority 2 by Adobe, meaning that these updates should be installed sometime within the next 30 days. Further details of these updates are available in this security bulletin.

Finally, Adobe issued updates to Flash Player and Adobe AIR (its application runtime) to resolve 21 critical CVEs. Flash Player updates for Linux, Apple Mac OS X and Windows are available from this link (which can be used if you don’t have automatic updating enabled or simply wish to install the update as soon as possible). Users of Google Chrome have received this Flash update within this Chrome update (I have confirmed this). Microsoft has announced the availability of their Flash update by updating this security advisory for users of Internet Explorer 10, 11 and Microsoft Edge installed on Windows 8.0, 8.1 and Windows 10 (respectively).

You can monitor the availability of security updates for the majority of your software from the following website (among others) or use Secunia PSI:

—————-
US Computer Emergency Readiness Team (CERT) (please see the “Information on Security Updates” heading of the Protecting Your PC page):
https://www.us-cert.gov/
—————-
If you use any of the above software, please install the appropriate updates as soon as possible.
Steps for installing updates for Windows are provided on the “Protecting Your PC” page.

Since the Adobe Flash Player update resolves 21 critical CVEs, some of which are likely to be exploited very quickly by exploit kits (defined), this update should be installed first.

If you wish to prioritize the deployment of the Microsoft security updates, I would recommend an installation order of Internet Explorer, JScript and VBScript, Microsoft Office and Windows Shell due to their severity (successful exploitation results in remote code execution; namely allowing a remote attacker to carry out any action of their choice). After installing these updates, install any remaining applicable Microsoft security updates.

One other security precaution that you may wish to take, if you have Microsoft EMET installed, is to use it to protect you from Adobe Flash being used to exploit vulnerabilities when you open a Microsoft Office document or Adobe PDF file. I provide recommendations of how to do this at the end of July’s Update Summary.

As always, as a routine precaution, I would recommend backing up the data on any device for which you are installing updates in order to prevent data loss in the rare event that any update causes unexpected issues.

Thank you.
