This Black Tuesday was different as anticipated – Microsoft released only one security bulletin, but other companies “jumped in” and delivered updates as well.
For the Windows operating systems, only one Security Bulletin was released. MS10-001 deals with a vulnerability in the decompression routines of the Embedded OpenType Font Engine. This means that, especially on Windows 2000, programs that render EOT fonts, such as Internet Explorer, Word or PowerPoint, can put the system at risk when viewing manipulated content. In newer operating systems the flawed code is used differently, so Microsoft assumes that it isn’t exploitable there.
The company also released a Security Advisory on the Adobe Flash Player that is installed by default on Windows XP. Due to security vulnerabilities in that version, attackers may inject malicious code and compromise the computers. Microsoft advises users and administrators to either uninstall or update the software. Current versions are available on Adobe’s web site.
Adobe also released updated versions of Reader and Acrobat. They close security holes in the popular software which are already being publicly exploited. The updated Reader software is available here, while for Acrobat updates are available here.
On a side note, Oracle also released Critical Patch Updates (CPU) for several of its database products.
As all updates deal with critical security vulnerabilities, users are advised to install them as soon as possible. Administrators should start their tests immediately so they can roll out the fixed software ASAP, too, as some of those vulnerabilities are already being exploited by cyber criminals.