Microsoft Windows users and those with AdobeFlash Player or Java installed, it’s time to update again! Microsoft released 13 updates to address some three dozen unique security vulnerabilities. Adobe issued security fixes for its Flash Player software that plugs at least 22 security holes in the widely-used browser component. Meanwhile, Oracle issued an unscheduled security fix for Java, its second security update for Java in as many weeks.
One big critical update from Redmond mends more than a dozen security problems with Internet Explorer. Another critical patch addresses flawsMicrosoft Edge — including four that appear to share the same vulnerability identifiers (meaning Microsoft re-used the same vulnerable IE code in its newest Edge browser). Security vendor Qualys as usual has a good roundup of the rest of the critical Microsoft updates.
Adobe issued an update for Flash Player that fixes a slew of security problems with Flash, a very powerful yet vulnerable piece of software that is also unfortunately ubiquitous. After all, as Chris Goettl at Shavlik reminds us, fixing Flash on a modern computer can be a complicated affair: “You need to update Adobe Flash for IE, Flash for Google Chrome, and Flash for Firefox to completely plug all of these 22 vulnerabilities.” Thankfully, Chrome and IE should auto-install the latest Flash version on browser restart (I had to manually restart Chrome to get the latest Flash version).
If you decide to update (more on hobbling or uninstalling Flash in a moment), make sure you watch for unwanted add-ons that come pre-checked with Adobe’s Flash updater. The latest version of Flash for most Windows and Mac users will be v. 20.0.0.306.This page will tell you which version of Flash you have installed (if Flash isn’t installed, the page will offer a downloader to install it).
read more…
Source: Critical Fixes Issued for Windows, Java, Flash — Krebs on Security
You should keep Windows, Java and Adobe Flash updated! Stay safe