Security updates from Adobe, Mozilla, Microsoft, NVIDIA, Asterisk

The year is starting with a lot of pressure for Adobe, Mozilla, Microsoft, NVIDIA and Asterisk, which had to push security updates to fix several critical security vulnerabilities.

 

Microsoft has released its monthly patch containing seven bulletins, which close 12 security problems rated Critical and Important. All versions of Windows are affected, including Windows 8 and Windows Server 2012. Microsoft Office suites version 2003 and version 2007, SharePoint Server 2007, Microsoft Groove Server 2007, and Microsoft System Center Operations Manager 2007 and 2007 R2 are also affected.

They are all affected by the critical vulnerabilities found in Microsoft XML Core Services 5.0 (MS13-002), which could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.

The other critical vulnerability is in Windows Print Spooler Components (MS13-001); it could allow remote code execution if a print server received a specially crafted print job.

You don't have to do anything special for these updates. They will be delivered through Windows Update. Note that a reboot is required after the installation.

 

Adobe

Adobe has released 27 fixes in AIR, Flash, Reader and Acrobat. With so many fixes, all we can do is recommend that you urgently install the patches as specified in the links. Of course, when Adobe has such a storm of patches, all browsers will have to release this update as well. So expect updates from the major browsers on supported operating systems, too.

 

Mozilla

Firefox 18 revokes the mis-issued TURKTRUST certificates and fixes 20 other issues (12 critical).

Thunderbird 17.0.2 also revokes the same flawed certificate and fixes 18 other issues (12 critical).

SeaMonkey 2.15 also revokes the same flawed certificate and fixes 19 other issues (12 critical).

 

NVIDIA

NVIDIA released an updated suite, version 310.90, which fixes a buffer overflow in a kernel driver. An attacker could exploit the vulnerability to obtain administrator privileges on Windows versions from Vista onward.

 

Asterisk

Several vulnerabilities were fixed in the well-known open source VoIP application. The vulnerabilities are stack buffer overflows that can be exploited using the HTTP, SIP and XMPP protocols. Digium, which uses the open source software in its commercial VoIP phones, also released new firmware based on the fixes made in the open source version.

 

Sorin Mustaca

IT Security Expert