Microsoft releases security patches to fix 49 vulnerabilities

Microsoft on Tuesday, released its largest ever batch of security patches to fix a record 49 vulnerabilities in Internet Explorer, Windows and other software.The Internet Explorer patch is aimed at fixing as many as twelve vulnerabilities. Due to the risk of zero-click drive-by download attacks, the company is suggesting Windows users to apply this patch immediately. The IE versions 7 and 8 running on Windows Vista and Windows 7 are said to be vulnerable to concerned attacks though these versions are claimed to have lessen the affect of such attacks.

Numerous other holes also make it possible to run a malicious code in the Windows common control library as well as the Microsoft foundation class library. But, these holes carried lesser ratings as they can be exploited only on using third-party browsers and file-archiving programs.

The patches also fix vulnerability in Windows XP which was exploited by the Stuxnet worm that is believed to have been released in order to disrupt Iran's nuclear program. The malware spread by exploiting four formerly unpatched Windows security holes. Tuesday's security release fixes three of these holes, while the fourth will be fixed in a future update.
According to Symantec (Norton Antivirus Provider), out of the total 49 flaws, 35 could give hackers the means to run malicious code on victim's computers. Microsoft has already released 86 security patches so far this year, as compared with a total of 74 security bulletins in the previous year.
 
 
 
                             

Adobe sounds alarm about the attacks on Flash

Adobe has warned the users of its pdf reader about the bugs in the reader and hackers were exploiting these bugs. But now it has come up with the shocking news of the bugs in the one of the most popular software- Adobe Flash. It is a matter of worry since almost all the computer users view video in their browsers with the help of Flash software. However the company told that it would patch Flash in two weeks and Reader in three weeks.In a new security advisory on Monday, Adobe said that the current version of Flash contains a critical flaw already being used in the wild by criminals to attack Windows PCs. According to the advisory,  "This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system".
Unfortunately, the flaw is present in all the Flash including the editions for Mac, Linux, Android.. But Adobe described the attacks as "targeted" and limited". The attacks were targeted against the windows users. The same bug is also present in Adobe Reader and Acrobat, the company's free PDF viewer, and its commercial PDF creation tool. This is quite natural since both Reader and Acrobat include code to run Flash content embedded in PDF documents, making a bug in Adobe's media player typically require a patch for the PDF programs.
Adobe said it would update Flash to fix that program's flaw in two weeks, sometime during the week of Sept. 27. The two bugs in Reader and Acrobat -- the one disclosed last week and Monday's -- will be patched in the week of Oct. 4 with an emergency, or out-of-band security update.


                         

Patches

You mave have heard the term patches several times while using computer. But many of the people don't know what a patch is. Now let us know what a patch is ? 
Today, there are hundreds or perhaps thousands of companies that produces softwares for different purposes. These softwares are created by brilliant people according to the specifications given by the customer or by the standards set by the firm. If the software is very large, or has lot of functions, it is generally developed by a group of software engineers by working as a team. After manufacturing the software, it has to be tested for stability and vulnerabilities before handing over to the customer. For this there is a set of tools for software testing. During testing several bugs are found out and they are rectified. After passing the software testing, the software is declared ready for use.
You know, 'to error is human'. Like that every thing that is made by humans will have certain quantity of error in it. Same is the case of the software testing. The softwares that successfully pass the software testing need not be free from vulnerability and bugs. In most cases there will be bugs. In the case of important softwares as used in banks and finantial organisations, the software is tested several times, sometimes may test in sample populations to ensure that the software is free from bugs.
If a bug or vulnerability is found in a software after given to the customer for the use, the software manufacturer releases patch for that software. The goal of the patch is to ensure the correct functioning of the software and to insure that the software is not vulnerable to viruses. A software patch would be applied to a specific program to correct an error in function where as an anti-virus patch might seek to correct specific vulnerabilities linked to the functioning of one particular virus. A security patch, on the other hand, might be designed to strengthen aspects of a machine's connection to a network or to the Internet to guard against incursions into the system from outside sources.
Service packs are groupings of other patches, usually too numerous or complex to be installed one at a time. Usually service packs are directed at repairing known issues in larger software environment like operating systems. Microsoft releases several patches for the operating systems and these pathes are installed during the update of Windows. If you are using Windows Operating System, then install latest patches by Microsoft to make your system more secure against vulnerabilities and software attacks.