By: Jason Miller, Manager of Research and Development at VMware
This week in patching was highlighted by Microsoft’s December 2012 Patch Tuesday. Microsoft released seven security bulletins addressing 12 vulnerabilities. You can read my full write up on Patch Tuesday here.
On the non-Microsoft front, Adobe released an update for their Adobe Flash Player and Air products. Adobe Security Bulletin APSB12-27 addresses three vulnerabilities as is rated as Critical. Adobe has started the trend of releasing security updates for Flash Player on Microsoft’s Patch Tuesday. This trend will probably continue as Microsoft and Google both bundle Adobe Flash Player in their latest browsers.
On that note, Microsoft released an update for their security advisory (KB2755801) to include the latest version of Adobe Flash for Internet Explorer 10. Google released an update on Patch Tuesday for their Chrome browser. Google Chrome 23.0.1271.97 contains the latest version of Adobe Flash Player as well as addressing six Google Chrome vulnerabilities.
To wrap up Patch Tuesday, Apache released a new version of Tomcat for Windows with version 7.0.34. This latest version of Tomcat is a non-security update.
On Thursday, Oracle provided updates for Java version 6 and 7. Java 6 update 38 and Java 7 update 10 are non-security releases. The next scheduled security update for Oracle Java is planned for February 19, 2013. It is important to note that the next scheduled security update will be the last time Java version 6 will receive a security update. At that time, Oracle will continue to provide security updates for Java version 7. In the next few months, administrators should look at testing the upgrade for Java version 6 to version 7. Java can be quite tricky to upgrade. There are occasions where older software programs that rely on Java simply will not work with the latest version. By June 18, 2013, administrators should be upgraded to Java 7. That date will be the next scheduled security update after Java 6 has reached end of life for support.
On Friday, Apple provided updates for their iTunes product with version 11.01. This update addresses non-security issues with their recent major upgrade in version 11.
Typically, the last two weeks of the year are very quiet for vendors releasing patches for their software. If any vendor does release updates, I will be back next Friday with an update on the happenings in patch management. If not, I will be getting a head start on ringing in the New Year.
Happy Patching and Happy Holidays!
– Jason Miller
Click here to learn more about how VMware Go Pro can help you better manage your IT infrastructure.