The year is starting with a lot of pressure for Adobe, Mozilla, Microsoft, NVIDIA and Asterisk which had to push security updates to fix several critical security vulnerabilities.
Microsoft has released their monthly patch containing seven bulletins which close 12 security problems rating as Critical and Important. All versions of Windows are affected, including Windows 8 and Windows Server 2012. Also Microsoft Office Suites version 2003 and version 2007, Sharepoint Server 2007, Microsoft Groove Server 2007, Microsoft System Center Operations Manager 2007 and 2007 R2 are affected.
They are all affected by the critical vulnerabilities found in Microsoft XML Core Services 5.0 (MS13-002) which could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
The other critical vulnerability is in Windows Print Spooler Components that could allow remote code execution (MS13-001) if a print server received a specially crafted print job.
You don’t have to do anything in special about these updates. They will be delivered using Windows Update. Note that a reboot is required after the installation.
Adobe
Adobe has released 27 fixes in Air, Flash, Reader and Acrobat. With such an amount of fixes, all that we can do is to recommend you to urgently install the patches as specified in the links. Of course, when Adobe has such a storm of patches this means that all browsers will have to release this update as well. So, expect updates also from the major browsers on supported operating systems.
Mozilla
Firefox 18 revokes the mis-issued TURKTRUST certificates and fixes other 20 issues (12 critical).
Thunderbird 17.0.2 revoked also the same flawed certificate and fixes other 18 issues (12 critical).
SeaMonkey 2.15 revoked also the same flawed certificate and fixes other 19 issues (12 critical).
NVIDIA
Released an updated suite with version 310.90 which fixes a buffer overflow in a kernel driver. The vulnerability could be exploited by an attacker to obtain administrator privileges for Windows versions from Vista above.
Asterisk
Several vulnerabilities were fixed in the well-known open source VOIP application. The vulnerabilities are buffer overflows on the stack which can be exploited using the HTTP, SIP and XMPP protocols. Digium, which uses the open source software in their commercial VoIP phones released also new firmware based on the fixes made in the open source version.
Sorin Mustaca
via Avira – TechBlog http://techblog.avira.com/2013/01/10/security-updates-from-adobe-mozilla-microsoft-nvidia-asterisk/en/
© Copyright 2013 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity
Check www.endpoint-cybersecurity.com for seeing the consulting services we offer.
Visit www.itsecuritynews.info for latest security news in English
Besuchen Sie de.itsecuritynews.info für IT Sicherheits News auf Deutsch
One thought on “Security updates from Adobe, Mozilla, Microsoft, NVIDIA, Asterisk”
Comments are closed.