Today’s Patch Tuesday is smaller than last month, but there are more critical updates this time. Out of the 63 vulnerabilities covered by the Microsoft patches, 22 of them are critical. Adobe has released 6 bulletins covering 19 vulnerabilities. According to Microsoft and Adobe, there are no active attacks against these vulnerabilities.
The majority of the Microsoft critical vulnerabilities are in browsers and browser-related technologies. It is recommended that these be prioritized for workstation-type devices. Any system that accesses the Internet via a browser should be patched.
Windows Font Library
Five of the critical vulnerabilities are in the Windows Font Library (labeled as Microsoft Graphics in the bulletins). These vulnerabilities can lead to remote code execution through a web-based or file-sharing attack. These updates should be prioritized for workstation-type devices as well as servers.
Adobe has released 6 bulletins covering 19 vulnerabilities in Flash Player, Experience Manager, InDesign, Digital Editions, Coldfusion, and the PhoneGap Push Plugin. Of the 19, six are marked as critical in Flash, InDesign, and Coldfusion. Coldfusion servers should be patched as soon as possible. Patches for Flash or InDesign should also be treated as high priority for Workstation-type devices.