ARN

Patch Tuesday: Microsoft safeguards video, Adobe secures PDFs

The vulnerability addressed by MS10-026 can be triggered by visiting a Web page with "a specially crafted AVI file that began streaming when the page loads"

Microsoft and Adobe Tuesday separately delivered a raft of security updates that address vulnerabilities said to impact common user activities such as watching video files or opening PDFs.

Microsoft Tuesday released 11 security bulletins addressing 25 vulnerabilities, most of which are rated critical or important. The software giant recommends all updates be applied, but called out three in particular for immediate attention.

The vulnerability addressed by MS10-026 can be triggered by visiting a Web page with "a specially crafted AVI file that began streaming when the page loads," according to Microsoft. And MS10-027 deals with a vulnerability that can be "exploited by simply visiting a specially crafted Web page," Microsoft says. Both updates address multimedia files, which are commonly accessed by home users, but are more and more commonplace on business PCs as well, according to Jason Miller, data and security team leader at Shavlik Technologies.

"If you open a malicious file, you can get remote code execution, which is essentially a virus if you are not patched," Miller says. "Online videos are huge right now, and if you are uncertain of the person sending the video or the site hosting the video, you could kick off remote code execution."

MS10-026 addresses the entire operating system with its patch, while MS10-027 deals with just Windows Media Player 9, Miller says.

Another update from MS0-019 pertains to the practice of digital signatures, which help assure people that a file is coming from a secure source. Microsoft found a way in which a hacker could include malicious code into a file without breaking the digital signature.

"They fixed the vulnerability in which that file could be manipulated, embedded with malicious code for instance, without making the signature invalid," Miller explains.

Separately, Adobe released patches for several versions of its Reader and Acrobat software. The company says the updates address vulnerabilities that could lead to remote code execution.

"You are going to want to patch this one right away," Shavlik's Miller says. "These vulnerabilities are rated as critical and can lead to remote code execution. I call these out because PDF files are very common in businesses."

Nominations for the 2012 ARN IT Industry Awards open on Tuesday, June 12.

More about: Adobe, Microsoft, Shavlik, Shavlik Technologies
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the ARN comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: Adobe, Microsoft, Patch Tuesday, pdf bug
ARN Directory | Distributors relevant to this article
ASI Solutions , Bluechip Infotech , Compucon Computers , Dicker Data , Express Data , Express Online , ICT Distribution , Impact Systems Technology , Leader Computers , NewLease , Scholastic , Synnex Australia , Topstar Computer International , XiT Distribution , Xpress I.T.
rhs_login_lockGet exclusive access to ARN's news, research and invitation only events.
ARN Distributor Directory
Find distributors by name | vendor | location
Channel Deals
/deals/aca-pacific/415_bonus-500-gift-card-with-every-sgi-is5000-sp-s
ACA Pacific

Bonus $500 Gift Card with Every SGI IS5000-SP Storage Subsystem. Ends June 30th, 2012.

More details »
ARN Vendor Directory
Find vendors by name | category

iAsset is a channel management ecosystem that automates all major aspects of the entire sales,marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.