Patch Tuesday: Microsoft safeguards video, Adobe secures PDFs

The vulnerability addressed by MS10-026 can be triggered by visiting a Web page with "a specially crafted AVI file that began streaming when the page loads"

Microsoft and Adobe Tuesday separately delivered a raft of security updates that address vulnerabilities said to impact common user activities such as watching video files or opening PDFs.

Microsoft Tuesday released 11 security bulletins addressing 25 vulnerabilities, most of which are rated critical or important. The software giant recommends all updates be applied, but called out three in particular for immediate attention.

The vulnerability addressed by MS10-026 can be triggered by visiting a Web page with "a specially crafted AVI file that began streaming when the page loads," according to Microsoft. And MS10-027 deals with a vulnerability that can be "exploited by simply visiting a specially crafted Web page," Microsoft says. Both updates address multimedia files, which are commonly accessed by home users, but are more and more commonplace on business PCs as well, according to Jason Miller, data and security team leader at Shavlik Technologies.

"If you open a malicious file, you can get remote code execution, which is essentially a virus if you are not patched," Miller says. "Online videos are huge right now, and if you are uncertain of the person sending the video or the site hosting the video, you could kick off remote code execution."

MS10-026 addresses the entire operating system with its patch, while MS10-027 deals with just Windows Media Player 9, Miller says.

Another update from MS0-019 pertains to the practice of digital signatures, which help assure people that a file is coming from a secure source. Microsoft found a way in which a hacker could include malicious code into a file without breaking the digital signature.

"They fixed the vulnerability in which that file could be manipulated, embedded with malicious code for instance, without making the signature invalid," Miller explains.

Separately, Adobe released patches for several versions of its Reader and Acrobat software. The company says the updates address vulnerabilities that could lead to remote code execution.

"You are going to want to patch this one right away," Shavlik's Miller says. "These vulnerabilities are rated as critical and can lead to remote code execution. I call these out because PDF files are very common in businesses."

More about: Adobe, Microsoft, Shavlik, Shavlik Technologies
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the Computerworld comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: Adobe, Microsoft, Patch Tuesday, pdf bug
Whitepapers
All whitepapers
Sign up now to get free exclusive access to reports, research and invitation only events.
Featured Download
/downloads/product/19/avg-anti-virus-free-edition/

AVG Anti-Virus Free Edition

Note: This review covers version 8.5 of the software. This software is now in version 9.0. Antivirus program AVG 8.5 Free offers solid features and ...

Computerworld newsletter

Join the most dedicated community for IT managers, leaders and professionals in Australia