Just as announced last Friday, the Redmond company released 14 security bulletins dealing with 34 vulnerabilities within the Windows operating systems and further Microsoft software on the August 2010 patchday – never before so many security bulletins were released on a patchday. Additionally, one could consider the patch against the .lnk-vulnerability a 15th security bulletin. Microsoft also published a security advisory concerning the Windows Service Isolation which can be bypassed and lead to elevation of privileges – as the company doesn’t consider Service Isolation a security feature, it won’t develop and issue a patch, though.

As the updates close eight critical rated vulnerabilities (of which four are considered high-priority deployments by Microsoft) which allow remote code execution, users and administrators are urged to install them as soon as possible.

Adobe didn’t sleep either. They released Flash Player 10.1.82.76 and Adobe AIR 2.0.3 which fix several critical rated vulnerabilities within earlier versions of the software. The updates are available through the Adobe Flash Player Download Center and Adobe AIR Download Center, respectively. These updates should get installed ASAP, too. Next by: For next Monday (August 16th), Adobe announces an out-of-band update for Adobe Reader and Acrobat.

Update: A gentle reader informed us that the Download Center of Adobe still spreads the old version of the Flash Player via the Download Manager. So for making sure to have the latest version, users need to manually download the installer here (all web browsers) or here (ActiveX / Internet Explorer). You can check the installed version of Flash Player on Adobe’s “About” web site.

Dirk Knop
Technical Editor