August Security Updates from Adobe and Microsoft
This morning we have new rounds of security updates available from both Adobe and Microsoft. Please review and patch accordingly.
Adobe has posted a notification that a remote code execution vulnerability exists in Flash (for Windows, OS X and Linux) that is already being exploited. The exploit is embedded in a Microsoft Word document that is being distributed via a variety of mechanisms.
Full details here: http://www.adobe.com/support/security/bulletins/apsb12-18.html
Check your version of Flash against the latest at this URL: http://www.adobe.com/software/flash/about/
Adobe has also posted a notification for Acrobat and Acrobat reader (for Windows and OS X) concerning remote code execution vulnerabilities. There is no indication that these are yet being exploited, so there is a chance to patch before the bad guys get to them.
Full notification here: http://www.adobe.com/support/security/bulletins/apsb12-16.html
New Versions: 10.1.4 and 9.5.2.
Finally, Adobe has posted a notification for Shockwave Player (for Windows and OS X) that even more remote code execution vulnerabilities exist in this product and an update is available. These vulnerabilities have also not yet been exploited. Patch quickly!
Full notification here: http://www.adobe.com/support/security/bulletins/apsb12-17.html
New Version: 22.214.171.1245
Microsoft has also sent notification of nine new security updates for the month. Five of these should be considered critical updates for clients, while three of them should be considered critical updates for servers. Most important of these updates is MS12-060 which is critical for both clients and servers and is already being actively exploited. This patch should be applied ASAP.
Full Microsoft notification here: http://technet.microsoft.com/en-us/security/bulletin/ms12-aug
SANS ISC Overview Table: http://isc.sans.edu/diary/Microsoft+August+2012+Black+Tuesday+Update+-+Overview/13900