Adobe sneaks out mega security patch

While bloggers tut-tut at Microsoft’s record 34 vulnerabilities, patched yesterday in 13 updates, Adobe has sneaked out fixes for a staggering 29 flaws in just two products.

Microsoft’s latest ‘Patch Tuesday’ release fixed 34 vulnerabilities in 13 updates, including two zero-day flaws in its Server Message Block (SMB) protocol and FTP Service. Eight of the 13 patches repaired ‘critical’ errors in every version of Windows and Internet Explorer, including critical bugs in SMB.

The affected products include Internet Explorer, Office, SQL Server, Microsoft Forefront, Silverlight and Microsoft Developer Tools, as well as third-party ActiveX components. Of the available patches on Windows Update, 12 were needed on our XP machine and six on Windows 7. Some of these were regular virus and malware definition updates.

But while it is seen as jolly good fun to use the number of patches issued for Microsoft products as evidence of poor design and a lax attitude to security, where are the brickbats for Adobe for releasing its patches on exactly the same day, no doubt hoping no one will notice?

Yesterday, Adobe rolled out fixes for a total of 29 security vulnerabilities in its Reader and Acrobat applications, which apply to all Windows, Mac and Unix systems. The company released a security advisory last week warning of attacks exploiting critical flaws that could cause the apps to crash and enable remote attackers to take control of machines and install malware.

When you consider that Microsoft issued fixes for 34 flaws covering seven application families and three operating systems, while Adobe had to plug 29 holes in just two apps, one wonders which of the two companies has further to go in terms of providing secure products.

And in terms of the update process itself, Windows Update is pretty elegant, while Adobe Updater was memorably described by a reader earlier this week as ‘needing to be taken out back and shot in the face’.