Original URL: http://www.theregister.co.uk/2014/03/11/microsoft_adobe_patch_tuesday/

It's 2014 and Microsoft Windows PCs can still be owned by a JPEG

Update now: OS, Internet Explorer and (of course) Flash all in line for fixes

By Shaun Nichols

Posted in Security, 11th March 2014 21:26 GMT

Patch Tuesday Microsoft has fixed security bugs in Internet Explorer and Windows that allow hackers to remotely execute code on victims' vulnerable machines – one bug a result of poor JPEG handling.

Redmond said the March edition of Patch Tuesday – out today, natch – tackles programming errors in the software giant's web browser, operating system and Silverlight package. Users should update their systems as soon as possible:

Microsoft credited 23 outside researchers in helping to root out and report the IE flaws, exploits for which do exist, we're told. Discovery of the DirectShow cock-up was credited to VeriSign's iDefense Labs.

Adobe, meanwhile, is advising users to update Flash after the company released an update for the media plugin on Windows, OS X and Linux. That patch addresses a pair of security flaws that could allow attackers to bypass security protections or view the contents of a user's clipboard.

Adobe credited discovery of the flaws, which have not yet been targeted in the wild, to researchers Jordan Milne and Masato Kinugawa. Users can obtain the update through Adobe's download site or by updating their copies of Chrome and Internet Explorer to the latest stable releases. ®