This week brings two important security updates from Adobe and Microsoft that will affect hundreds of millions of Windows users.
Yesterday, Adobe rolled out fixes for 25 vulnerabilities in its Flash Player, ahead of its normal schedule. Microsoft also surprised customers, following suit and pushing its own nearly identical patch for Internet Explorer 10. Microsoft's Monday update will only affect a handful of Windows 8 users as the new operating system doesn't go on sale until later this month.
In contrast, Microsoft's normally scheduled Patch Tuesday — today — will be fairly light and mostly fix Office bugs.
Flash fixed
Infosecurity Magazine speculated that Adobe's surprise patch may be in anticipation of Google's upcoming Pwnium 2 contest in Kuala Lumpur, Malaysia tomorrow (Oct. 10). All but one of the vulnerabilities patched yesterday were discovered by Google, who baked the player into Chrome. The Internet behemoth pays freelance researchers to bust its browser and is offering up a purse of up to $2 million for successful Chrome hacks.
Conveniently for Chrome users, Google's browser updates automatically. Like Chrome, Internet Explorer 10 comes with Flash on board and also updates automatically. A preview of the new browser on Windows 8 has been available to some developers and reviewers since August and goes on sale later this month.
The Redmond, Wash.-based software developer caved to pressure from angry and annoyed users and reversed itself after announcing that it would not replicate Adobe's previous out-of-band patch in August.
Users with other browsers are encouraged to adopt the Adobe fixes as soon as possible.
Pumpkin Patch
October’s Patch Tuesday is Microsoft's second update in two days and fixes a total of seven flaws, but only one critical one.
The update will affect Office, Lync, SharePoint, Groove Server and SQL Server versions 2000, 2005, 2008, and 2012. It will also refuse certificates with less than 1024-bit encryption.
The Office updates are important for fending off phishing and remote code injection attacks. The Office patch will be the most ubiquitous, affecting all versions of the software.
The other patches will protect users against denial-of-service issues and cross-site scripting attacks.
All of the patches have been rated critical or important and should be installed as soon as possible.
You will need to restart your computer.
Follow Ben on Twitter.