New security updates for Adobe, Microsoft, and Oracle software were released today. Microsoft issued eleven updates for over twenty-four flaws in Windows, including one for a vulnerability that has been publicly announced recently. The Flash Player update issued by Adobe is about to cover at least twenty-two flaws, and the update for Oracle’s Java will fix fifteen vulnerabilities that can be exploited remotely and without authentication.
Let’s have a closer look at the released updates and the vulnerabilities they patch.
Four out of the eleven updates by Microsoft, this month have been classified as “critical” due to the fact that they can be exploited by hackers or malware without the user’s interaction. Patches for vulnerabilities in IE, Windows, .NET and Office have been issued. The critical ones address two bugs in Windows, Office and Internet Explorer.
Among the patches issued by the company is one covering the CVE-2015-3043 zero-day vulnerability. The Flash Player version for Windows and Macintosh should be updated to Adobe Flash Player 18.104.22.168.
Flash Player installed with IE and Chrome for Windows 8.x updates automatically to version 22.214.171.124.
The last released Flash version can be found on the official Flash web page, but users should avoid the installation of potentially unwanted add-ons. To do so, users need to un-tick the pre-checked box before they download the latest Flash version.
Windows users who use alternative web browsers (other than IE) may have to apply the patch twice – once with IE, and once with the other browser.
Fifteen security flaws are addressed in the latest “critical patch update” by Oracle. Java users are advised to update as soon as possible. Windows users can click on the “Do I have Java?” link on the Java.com page. The updates can also be found in the Java Control Panel on the website. If you choose this option, note that third-party software may be installed alongside the latest Java version, so make sure to un-tick any additional add-ons or plug-ins before proceeding with the update.
Oracle ends the support of Java 7 after this update. Experts recommend downloading the Java 8 Update 45.
Unless you are using Java for specific applications or websites, you should consider removing the program completely. Due to its numerous security holes, it is among the top targets of malware authors.
There is a way to install the software and minimize the risk of flaw exploitation at the same time. You need to unplug the program from the web browser as you are on a web page that requires its use. The latest Java version allows users to disable Java content in the web browser via the Java Control Panel. Another option is to use a second browser and unplug the program from the browser you use for your everyday activities and leave Java on the one you only use to visit sites that require Java.