RealPlayer: RealPlayer has released a product upgrade that fixes several critical vulnerabilities. The latest versions are available here. (October 20).
Microsoft Windows & Office: This month’s Patch Tuesday fixed a record 49 security holes. Always install Microsoft patches. Home computers should have automatic updates turned on. All other things being equal so should business computers, except sometimes the IT department has to manage these updates differently. (October 12)
Java: This is a critical update. Microsoft has issued a warning that it is seeing a huge increase in attacks against security vulnerabilities in Java. When you are on the Internet, Java is running. Make sure to install this update. (October 12)
Adobe Reader & Acrobat: This critical update plugs at least 23 holes in the Adobe PDF Reader and Acrobat software, including two vulnerabilities that are being actively exploited by cyber criminals. Update your program while running it. “Check for Updates” is on the drop-down list under “Help.” (Oct 5)
If you are responsible for keeping your computer secure, this is for you. If someone else is responsible for keeping your computer secure, protect it by forwarding our Weekend Patch Report to them and following up to make sure your computer has been patched.
Vulnerability management is a key element of cyber security management. Cyber criminals take over user computers by writing computer programs that “exploit” vulnerabilities in operating systems (Windows, Apple OS, etc) and application programs (Adobe Acrobat, Office, Flash, Java, etc). Just like DNA, every program has hidden flaws, or vulnerabilities, in its code. When software companies find a vulnerability, they will issue an update patch to fix the code running in their customer’s computers.
It is the user’s responsibility to make sure update patches are installed. Home users usually have to do this themselves. Users working in offices may have IT staff to do this for them, but even here, Citadel recommends strongly that users take the initiative to check that updates are being installed on their computers.
The Weekend Patch report is intended to raise user awareness to the challenges of vulnerability management by alerting them to some of the week’s important update patches. We do this to help users get the knowledge they need to take the necessary initiative in making sure the security of their computers is being effectively managed.