Microsoft releases its Security Bulletins for November 2005
Late last night Microsoft released a Security Advisory regarding an improper memory access vulnerability discovered in Macromedia's Flash Player 7 and reported in Macromedia Security Bulletin: MPSB05-07. Macromedia's Flash Player has been shipped with Internet Explorer since Windows 98. However, users of Firefox and other browsers also need to update any Flash Players installed with these browsers. As there are different plugins for different browsers, users who use more than one browser will have update each of these browsers' Flash Players seperately.
To check your browser's Flash Player version point your browser to Macromedia's about page.
Microsoft Windows Security Bulletin for November reports the release of one security patch rated "critical". Details of the vulnerabilities this patch pertains to are published in Microsoft's technical summary of the November Security Bulletin.
This month's bulletin reports critical vulnerabilities in the Windows graphics rendering engine and the handling of Windows Metafile (.wmf) and Windows Enhanced Metafile (.emf) formats. These vulnerabilities could potentially allow for remote code execution on an affected computer. Although these are old vector graphics image formats in little use today, an attacker could potentially embed a specially crafted image into an e-mail message or a webpage, causing code to be executed when the image is rendered.
Users are advised to patch their systems against these vulnerabilities immediately. Patches can be downloaded via links posted within the appropriate Security Bulletins or by visiting Microsoft Update.
We recommend that users patch their systems by downloading and installing critical Microsoft updates as soon as possible.
Users are also encouraged to update their antivirus software daily and to install a firewall on their computers, if they have not done so already. For more information on firewalls, please read Microsoft's tutorial on how to protect your PC.