Security updates from Adobe, Mozilla, Microsoft, NVIDIA, Asterisk

The year is starting with a lot of pressure for  Adobe, Mozilla, Microsoft, NVIDIA and Asterisk which had to push security updates to fix several critical security vulnerabilities.


Microsoft has released their monthly patch containing seven bulletins  which close 12 security problems rating as Critical and Important. All versions of Windows are affected, including Windows 8 and Windows Server 2012. Also Microsoft Office Suites version 2003 and version 2007, Sharepoint Server 2007, Microsoft Groove Server 2007, Microsoft System Center Operations Manager 2007 and 2007 R2  are affected.

They are all affected by the critical vulnerabilities found in Microsoft XML Core Services 5.0 (MS13-002) which could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.

The other critical vulnerability is in Windows Print Spooler Components that could allow remote code execution (MS13-001) if a print server received a specially crafted print job.

You don’t have to do anything in special about these updates. They will be delivered using Windows Update. Note that a reboot is required after the installation.



Adobe has released 27 fixes in AirFlash, Reader and Acrobat. With such an amount of fixes, all that we can do is to recommend you to urgently install the patches as specified in the links. Of course, when Adobe has such a storm of patches this means that all browsers will have to release this update as well. So, expect updates also from the major browsers on supported operating systems.



Firefox 18  revokes the mis-issued TURKTRUST certificates and fixes other 20 issues (12 critical).

Thunderbird 17.0.2 revoked also the same flawed certificate and fixes other 18 issues (12 critical).

 SeaMonkey 2.15 revoked also the same flawed certificate and fixes other 19 issues (12 critical).



Released an updated suite with version 310.90 which fixes a buffer overflow in a kernel driver. The vulnerability could be exploited by an attacker to obtain administrator privileges for Windows versions from Vista above.



Several vulnerabilities were fixed in the well-known open source VOIP application. The vulnerabilities are buffer overflows on the stack which can be exploited using the HTTP, SIP and XMPP protocols. Digium, which uses the open source software in their commercial VoIP phones released also new firmware based on the fixes made in the open source version.


Sorin Mustaca

IT Security Expert

via Avira – TechBlog

© Copyright Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity

Check for seeing the consulting services we offer.

Visit for latest security news in English
Besuchen Sie für IT Sicherheits News auf Deutsch

About the Author

Sorin Mustaca
Sorin Mustaca, (ISC)2 CSSLP, CompTIA Security+ and Project+, is working since over 20 years in the IT Security industry and worked between 2003-2014 for Avira as Product Manager for the known products used by over 100 million users world-wide. Today he is CEO and owner of Endpoint Cybersecurity GmbH focusing on Cybersecurity, secure software development and security for IoT and Automotive. He is also running his personal blog Sorin Mustaca on Cybersecurity and is the author of the free eBook Improve your security .

Comments are closed.

%d bloggers like this: