As part of its monthly ritual, Microsoft in its Security Bulletin Advanced Notification for this month warned of a number of nasty vulnerabilities in its operating systems and productivity software.In reading the six notifications, there are fifteen vulnerabilities in total. But that pales in comparison to last month when the software maker released 34 vulnerabilities in 13 updates.
Half of the bulletins contain "Critical" vulnerabilities, which generally means some miscreant could have the ability to not only remotely insert malware or crash your system - but someone could create a worm that wrecks havoc. The second half of bulletins are ranked as "Important," which also means that, in many cases, they're remotely exploitable and that data can be snooped on, changed, or lead to a denial-of-service attack. Critical is Microsoft's highest rating, while Important is its second highest rating just above moderate and low.
These flaws affect many versions of Windows and Microsoft Office, including office that runs on OS X. It looks like most updates will require a reboot, which never makes for a fun second Tuesday of the month.
While enterprises are gearing their patch management software for next week, they'll also want to make certain that they include Adobe Shockwave Player. Earlier this week Adobe announced that "Critical vulnerabilities have been identified in Adobe Shockwave Player 22.214.171.1241 and earlier versions. Adobe's bulletin succinctly sized up the risk:
The vulnerabilities could allow an attacker, who successfully exploits the vulnerabilities, to run malicious code on the affected system. Adobe has provided a solution for the reported vulnerabilities. It is recommended that users update their installations using the instructions provided below.
Updating sounds like good advice, both now for the Adobe flaw, and next week after Microsoft releases November's batch.