Microsoft, Oracle and Adobe Systems issued security updates this week, giving system administrators plenty of work to do as part of the first round of patches issued in 2014.
Patching experts at service providers told CRN that Oracle's January 2014 Critical Patch Update, which addresses 144 vulnerabilities, deserves the most attention this month. Oracle issued critical Java fixes, repairing 34 flaws that can be remotely exploited by attackers. Every business needs to address Java at the endpoint because it is one of the most targeted software platforms, said Nash Pherson, a senior systems consultant at NowMicro, a St. Paul, Minn.-based service provider.
"Oracle is very clear that you should only have the most current update of Java running on your systems," Pherson said. "Having multiple versions running on your client's endpoint is setting you up for malware infections."
Recent attacks targeting Yahoo users in Europe exploited a Java vulnerability on users' machines, said Wolfgang Kandek, CTO of Qualys, Redwood Shores, Calif. The attacks were served up via a third-party advertising service used by the search engine giant to display ads on its home page.
"Java was one of the most attacked softwares in 2013 and it will continue to be so due to its sluggish update record," Kandek said.
Oracle also repaired flaws in the MySQL database management system, its virtualization software and the Oracle Solaris server software. Service providers should talk with their clients about patch management as a best practice to help reduce the risk of malware infections, Pherson said.
Microsoft, meanwhile, issued four bulletins in its January 2014 Patch Tuesday, repairing a flaw in Microsoft Word and a zero-day vulnerability being actively targeted by attackers against users of Windows XP and Windows Server 2003. NowMicro's Pherson called this month's round of Microsoft updates a light one, with all the security bulletins rated as important. NowMicro gave some of the coding errors a top rating on the exploitability index, indicating that attackers would be able to create malware targeting the flaw very quickly, Pherson said.
Microsoft also repaired a flaw in the Windows kernel that can be exploited to elevate privileges, as well as errors in Windows kernel-mode drivers. Both bulletins indicate that, to exploit the vulnerabilities, an attacker would need valid logon credentials and be able to log on locally.
Microsoft also addressed a flaw in Microsoft Dynamics AX enterprise resource planning software for businesses. An attacker could use the coding error to cause the system to freeze or crash, Microsoft said.
Finally, Adobe issued two critical updates addressing three coding errors in its Acrobat and Reader programs that can be targeted using a malicious PDF file. The company also repaired vulnerabilities in Adobe Flash, often targeted by attackers in drive-by attacks that infect visitors to hijacked websites.
PUBLISHED JAN. 15, 2013