Firms urged to apply Microsoft and Adobe patches

Microsoft is ending 2009 with six patches, three of which are critical and three important, while Adobe too is fixing some issues, weeks before its next quarterly round-up.

The Microsoft fixes affect a number of systems, including Internet Explorer, Active Directory, Word Pad and Windows Server 2008, while the Adobe fixes are for Flash and Air.

"Any of these critical vulnerabilities could let an attacker gain full control over a vulnerable Windows computer,” said Dave Marcus, director of security research and communications at McAfee Labs. “There are a lot of attackers who want to take advantage of you if you're unpatched."

Matthew Walker, regional director UK and Ireland at security solutions provider Lumension, said: "Of the three critical patches, MS09-072 is the most ubiquitous, affecting all versions of Internet Explorer and carrying Microsoft's highest exploitability rating. This, combined with updates issued by Apple for Java for OS X, Adobe's Flash Player and AIR, make this month particularly important for IT departments to shore up patches and protect against web-borne malware threats."

Walker added that the Windows Server 2008 patch would be of particular interest to enterprises.

“The last critical Bulletin, MS09-071, affects Windows Server 2008 and requires a restart. Although Microsoft’s exploitability scale for this bulletin is less severe, as Windows Server 2008 is most commonly deployed in support of mission-critical applications, this update has the potential to be severely disruptive to business operations,” he said.

Meanwhile, Symantec's senior research manager from the Security Response team, Ben Greenbaum, urged IT administrators to fix the Adobe issues as quickly as possible.

"Though both Adobe updates are critical, the Flash Player update should be applied immediately by all users,” he said. “Flash is used so commonly that it should definitely be a high priority."