Earlier today Microsoft released their scheduled monthly security updates.
Microsoft’s updates consist of 10 security bulletins (not including the Adobe Flash Player update (more details below)). These bulletins resolve 49 vulnerabilities more formally known as CVEs (defined).
Just like last month at the time of writing there are Known Issues for this month’s updates (although last month’s summary was later updated to include 3 Known Issues including the well-known issues with the Group Policy update). However please double check the IT Pro Patch Tuesday blog to ensure that there are no issues being experienced before you begin installing the new updates.
As I mentioned above one of Microsoft’s bulletins relates to Adobe’s Flash Player update. This update addresses a massive 52 critical CVEs.
Depending on which version of Flash Player you have, please review the Adobe security bulletin or Microsoft bulletin as appropriate and apply the recommended updates. Google Chrome users should have the updated version installed automatically alongside the updated version of Chrome.
Adobe also released a large security update for Adobe Acrobat DC, Acrobat XI, Acrobat Reader DC and Adobe Reader XI addressing 30 CVEs within those products. These vulnerabilities have been classified as critical but have been assigned Priority 2 by Adobe, meaning that these updates should be installed sometime within the next 30 days. Further details of these updates are available in this security bulletin.
Finally, Adobe published an update for it’s XMP Toolkit for Java affecting versions prior to 5.1.2. Adobe has classified this as a priority 3 update that addresses an information disclosure issue.
If you use any of the above Adobe products, please review the security bulletins linked to above and apply the necessary updates as soon as possible. This is especially true for Adobe Flash.
Whether you are an individual, a large or small organization you should be aim to deploy Flash updates within 1 week in order to reduce the possibility of being affected by exploit kits (defined) that may seek to take advantage of these newly disclosed issues.
You can monitor the availability of security updates for the majority of your software from the following websites (among others) or use Secunia PSI:
US Computer Emergency Readiness Team (CERT) (please see the “Information on Security Updates” heading of the “Protecting Your PC” page):
A further useful source of update related information is the Calendar of Updates.
News/announcements of updates in the categories of General Software, Security Software and Utilities are available on their website. The news/announcements are very timely and (almost always) contain useful direct download links as well as the changes/improvements made by those updates (where possible).
If you like and use it, please also consider supporting that entirely volunteer run website by making a donation.
If you use any of the above software, please install the appropriate updates as soon as possible. Steps for installing updates for Windows are provided on the “Protecting Your PC” page.
To assist with making the best use of your time when deploying these updates, I will prioritise the updates for you below:
Please make the updates for Microsoft Office, Microsoft Internet Explorer, Microsoft Edge your first priorities since they all address critical severity vulnerabilities. Please follow these with Windows Print Spooler Components (please see this link for an explanation of why this update is of critical severity) and finally Microsoft Jscript and VBScript due to their severities and prevalent use. All remaining security updates can be installed when you have the time available.
Another security pre-caution that you may wish to take if you have Microsoft EMET (please ensure your version of EMET is the most recent version 5.5) installed is to use it to protect you from Adobe Flash being used to exploit vulnerabilities when you open a Microsoft Office document or Adobe PDF file. I provide recommendations of how to do this at the end of the July 2015 Update Summary.
As always as a routine precaution I would recommend backing up the data on any device for which you are installing updates in order to prevent data loss in the rare event that any update causes unexpected issues.