Adobe is true to their word in releasing Flash Player 10.1 today, and also released AIR 2.0.2.
Adobe AIR 2.0.2 is a major upgrade release with security ramifications. This is a security update.
Adobe Flash Player 10.1.53.64 corrects the currently exploited security hole that’s being used to install scareware across the ‘net. This is a security update.
If you use more than one browser type (Internet Explorer and Firefox or Chrome or Safari…) then you should probably download the installers directly, and manually install the updates, instead of relying on the Adobe Download Manager. The Adobe Download Manager doesn’t behave well installing both ActiveX and Non-ActiveX versions of the Flash Player, which can leave you unprotected should only portions of it correctly install. You can download the current installers directly from:
Flash Player: ActiveX Version
Flash Player: Non-ActiveX Version
As with all Adobe products, be sure to UNCHECK any toolbars, add-ons and other “offers” both during download and if prompted during installation.
Be aware, Adobe does not plan to release updates for the KNOWN security vulnerabilities in Adobe Acrobat or Adobe Reader until June 29th.
Uninstalling these programs will, of course, prevent you from being infected through these specific holes, but will prevent you from viewing PDF files for the duration. It’s probably a better solution to simply lock down your Adobe products so that they can not be used to infect your computer (at least, through this known exploit). This involves disabling scripting, browser toolbars/interactivity, and media functionality from with Adobe Reader and Adobe Acrobat. Also note, EVEN IF you have “secured” Adobe Reader or Acrobat in the past, you would be well advised to check again. Various updates do reset the security settings in various Adobe applications, so your changes may have been lost – and more importantly – some of the settings change over time, so the changes you made two months ago may not correct all issues in the most current settings.
In Adobe Reader, this is done by opening the program, then opening the Edit menu, and selecting Preferences from the bottom of the list. Now, on the left side you’ll see a list of different categories to which changes will need made. Use the following process as a guide. If an item is NOT described, the setting has no direct application to potential security issues and can be assigned however you prefer.
UNCHECK “display PDF in browser”
UNCHECK “allow fast web view”
Category: “Multimedia Trust (legacy)”
With “Trusted documents” selected, UNCHECK “allow multimedia operations”
With “Other documents” selected, UNCHECK “allow multimedia operations”
CHECK “Verify signatures when the document is opened”
Click “Advanced Preferences”
On the “Verification” tab:
CHECK “Always use the default method”
CHECK “Require certificate revocation checking to succeed”
CHECK “The current time”
CHECK “Show timestamp warnings in Document Message Bar”
Category: “Security (Enhanced)”
CHECK “Enabled Enhanced Security”
CHECK “Create log file”
Category: “Trust Manager”
UNCHECK “Allow opening of non-PDF attachments with external applications”
CHECK “Load trusted root certificates from an Adobe server”
CHECK “Ask before installing”
Click “Update Now” (if prompted, click “Yes”)
CHECK “Automatically install updates”
Click OK. If running Vista or Win7 you’ll be prompted to confirm the security changes – click Yes.
All computers running Windows XP or newer are vulnerable to a cross-protocol handling bug that can be used to escalate privileges, allowing a user to gain administrative rights, or potentially, for an evil website to automate changes to the control panel configuration. Learn more and see a temporary workaround here:
Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.
Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.
It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need.
Also note that using the applications own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.
If you’re using this hardware – these updates are for you.
Logitech SetPoint 6.10.65 corrects several bugs, and adds “stability enhancements”. This should be considered a security update.
One or more of these are likely to be of interest to everyone.
Miranda 0.8.25 provides several bugfixes, including crash bugs and several related to secure certificate handling. This is a security update.
Evernote 184.108.40.2063 corrects several bugs, including performance and memory usage. This is not a security update.
These are unlikely to be of interest to most people.
SysInternals updated Process Explorer, Autoruns, Sigcheck, & ProcDump. Autoruns now has the ability to scan an offline Windows registry hive for issues, and defaults to hiding native Windows entries. This is a huge improvement, says the guy that has to do this stuff a LOT.
Wireshark 1.2.9 is a bugfix release, incorporating over two dozen fixes, including increased protocol performance and crash bugs that might be exploitable. This is a security update.
These are unlikely to be of interest to most people.
VirtualBox 220.127.116.11467 fixes several bugs, including guest-to-guest communication, potential disk corruption and a couple reliability bugs. This is not a security update, but disk corruption is nothing to sneeze at – I would definitely recommend updating immediately.
That’s all for now folks. Keep it clean out there. 😉