The year is starting with a lot of pressure for Adobe, Mozilla, Microsoft, NVIDIA and Asterisk which had to push security updates to fix several critical security vulnerabilities.
Microsoft has released their monthly patch containing seven bulletins which close 12 security problems rating as Critical and Important. All versions of Windows are affected, including Windows 8 and Windows Server 2012. Also Microsoft Office Suites version 2003 and version 2007, Sharepoint Server 2007, Microsoft Groove Server 2007, Microsoft System Center Operations Manager 2007 and 2007 R2 are affected.
They are all affected by the critical vulnerabilities found in Microsoft XML Core Services 5.0 (MS13-002) which could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
The other critical vulnerability is in Windows Print Spooler Components that could allow remote code execution (MS13-001) if a print server received a specially crafted print job.
You don’t have to do anything in special about these updates. They will be delivered using Windows Update. Note that a reboot is required after the installation.
Adobe has released 27 fixes in Air, Flash, Reader and Acrobat. With such an amount of fixes, all that we can do is to recommend you to urgently install the patches as specified in the links. Of course, when Adobe has such a storm of patches this means that all browsers will have to release this update as well. So, expect updates also from the major browsers on supported operating systems.
Released an updated suite with version 310.90 which fixes a buffer overflow in a kernel driver. The vulnerability could be exploited by an attacker to obtain administrator privileges for Windows versions from Vista above.
Several vulnerabilities were fixed in the well-known open source VOIP application. The vulnerabilities are buffer overflows on the stack which can be exploited using the HTTP, SIP and XMPP protocols. Digium, which uses the open source software in their commercial VoIP phones released also new firmware based on the fixes made in the open source version.