Patch Tuesday February 2012 Microsoft’s Valentine

This month’s Microsoft Patch Tuesday happened to be Valentine’s Day.

Microsoft had some important updates (they are all important but some are a bit more critical than others) but they were not alone. Adobe has an update. Java has an update. Finally, some important news if you have a smartphone or an iPad – which it seems nearly everyone does nowadays. *Update – while writing this post I discovered Adobe has release an update for Adobe Flash. This may be more important to update than the Windows update.

Let go check Microsoft’s updates for this month first.

Window Update
This is what Window Update looks like in the start menu

The most important updates from Microsoft for most of us are the Silverlight update and the Internet Explorer update. These fix some potential areas where an attacker can run code on your computer to break into it.

Silverlight is used for online video and media. Not everyone has Silverlight installed though. Netflix is just one place that uses Silverlight to stream video to computers but I have seen others like network television websites that use it too. There were some problems reported with the Silverlight update originally. It never hurts to do a Microsoft Update manually to make sure everything is up to date.

There is also a .net update. I find the .net updates to be among the slowest of updates to install. They are often optional and not install as critical updates automatically. Many .net updates need to install separate from other updates too. If you’ve kept them updated, there’s just one this month.

You will need to restart the computer with these updates. I’m seeing about 7-9 updates on Windows XP systems. One or two more if you have Microsoft Office installed. The downloads are not too big the installation does take time.

On to the very important Adobe update.

This just as I was writing this post!

Adobe just released an update for Adobe Flash!

Adboe Flash Player Icon
Adobe Flash Player

This is very important. This update has been needed for months now and there have been attacks against the vulnerabilities in use for weeks on the internet. Go to Adobe.com now in Internet Explorer and update Adobe Flash right away.

Adobe has two other updates this month. The first and most important of these two is for Adobe Shockwave. The best way to update Shockwave is to go to the Adobe website and install from there just like Adobe Flash. I usually do the Flash update and then the Shockwave update whenever I visit the Adobe site.

The other Adobe update this month is for Robohelp for Word. While not as widely used as other Adobe software it has an important update. I would think that you should know if you have Robohelp installed. If you’re not familiar with it, you probably don’t have it installed.

Next update is Oracle’s Java.

Java has an update too. I’ve found that many computers do not check for Java updates very often automatically. If Java is installed on your computer there is an icon in the control panel. Click the update tab and then update. You’ll need to close your browser and any other program using Java while you do the update (this strangely will include the Java control program too).

Now for the Smartphone and iPad security news.

Android malware and a botnet.

A security company recently released a report that they have discovered a huge botnet of Android phones. These phones have had malware installed on them. This allows the attacker not only to gain access to any user data on the phone but use the phone to send spam and to launch attacks on other computer systems. The botnet is made up of thousand of phones. The good news, depending where you live, is that this is mostly limited to Android phones in China. With Android, there is more freedom to get apps from different sources but this can also mean more risk.

Google also announced a new system designed to find apps that contain malware in their app store. Named Bouncer, it checks apps uploaded to the Android App store and eliminates those with malware.

iPhone and iPad privacy concerns.

It was discovered that Path, a social networking app for the iPhone was downloading users complete contact lists. Path fixed this problem and apologized to users. I think they handled it well.

This has led to the realization that any app on IOS (the iPhone or iPad) apparently also has access to any information on the device also. The app for your favorite website or game may be doing a lot more than you thought. There really is no default protection or warning telling users an app is accessing this data. Path is probably not the only app that has done this by a long shot.

That’s all for this month.

Make sure you have the Adobe Flash and Microsoft Updates as soon as you can. Make sure you get the other updates too. Be careful what apps you install on your phone and where you get them (for Android users).