Patch Tuesday October 2014

Another month, another patch tuesday!

Microsoft issued eight security bulletins that address over two dozen vulnerabilities, including previously mentioned SandWorm.

Adobe has released security hotfixes for ColdFusion versions for all platforms. These hotfixes address a security permissions issue that could be exploited by an unauthenticated local user to bypass IP address access control restrictions applied to the ColdFusion Administrator. Cross-site scripting and cross-site request forgery vulnerabilities are also addressed in the hotfixes.

Adobe has also released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system.

Oracle has released critical updates to a large amount of software (see link below), but amongst the most noticable are Oracle Database, Solaris, MySQL, VirtualBox and Java.

More information:
http://helpx.adobe.com/security/products/coldfusion/apsb14-23.html
http://helpx.adobe.com/security/products/flash-player/apsb14-22.html
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
https://technet.microsoft.com/library/security/ms14-oct