 | By Susan Bradley It might be the dog days of August, but keeping our systems secure must go on. The priorities for this Patch Tuesday week are Internet Explorer and Adobe updates, while .NET patching remains on hiatus. |
MS11-057 (2559049)
Internet Explorer gets its last Pwn2Own fix
Back in March of this year, the CanSecWest security conference held its annual browser-exploit contest, Pwn2Own. Five months later, the last of the exploits revealed at the event is being patched, as noted in a TippingPoint Zero Day Initiative advisory. The exploit could allow hackers to bypass IE’s Protected Mode and assume the same rights as the local user. Note: This exploit is less of a threat when you’re not using your PC with administrator rights. Seven other browser vulnerabilities are also patched.
KB 2559049 is rated critical for all current workstation versions of Windows running IE 6 through IE 9.
► What to do: Install KB 2559049 as soon as possible, even if Internet Explorer is not your default browser.
Adobe releases a whopping 400 updates
Yes, you read that right: 400 patches — it has to be a record. Fortunately for us, Adobe gathered this mammoth number of fixes into five bundles targeted at Shockwave, Flash Media Server, Flash Player, Photoshop, and RoboHelp. The only updates not rated critical are RoboHelp’s, which are listed as important.
As documented in Adobe’s Aug. 9 security blog, most of these updates affect both Windows and OS X systems. The patches for Flash also apply to Linux systems. Adobe claims it’s unaware of any exploits in the wild.
Related posts:
