Secunia: Skype, Java, QuickTime, PDF patches oh my; It's been an ugly 24 hours for Windows users


The last 24 hours have been a patch barrage, with Sun, Adobe, Apple and Skype all issuing patches. But what's notable is how these patches affect Windows users.

According to statistics compiled via Secunia's PSI application, the number of users who need to get patching is staggering. And these patches aren't a big deal individually. Collectively, however, the message from the patch fest on Wednesday is clear: You can't do basic surfing without these patches.

Some stats (with links to the patches or blog posts detailing the issue):

Currently, the Secunia PSI has been installed on 282,726 computers.

Unique installations, counting each application only once per computer:

Adobe Reader 8.x: 172,653 (61.07% of all computers affected)
Apple QT 7.x: 133,169 (47.10% of all computers affected)
Sun Java 1.5.x: 98,618 (34.88% of all computers affected)
Skype 3.x (upgrade required for patch): 57,496 (20.34% of all computers affected)

Bottom line: Secunia reckons that 81 percent of all computers connected to the Internet need to install at least one of these security updates.


Talkback

19 comments
  • again, Linux is safe folks!

    only windoze can have so many security holes in a single day.
    Haven't heart of security issues on Linux for a long time!
    Linux Geek
    • These are not Windows security problems

      and as soon as these companies start writing software for Linux (which would make Linux usable), you shall see them there as well.

      Nice trolling though. Mindless, but consistent.
      mdemuth
      • Windows Messaging Architecture is Cause

        Actually it is a Windows problem. The architecture Windows is built upon is the primary reason why so many applications can bring the entire OS down. Go back several years and search the security white papers, the way Windows implements messaging queues is the reason for so many of the problems. Mature OS's don't allow user facing applications to have such a freewheeling access to critical OS functions. That's why Windows can't be fixed without a complete reconceptualization of how the OS is supposed to work.
        bob@...
        • Are you talking about shatter attacks?

          Shatter attacks have nothing to do with any of the flaws listed here, and have only been the cause of a small number of flaws in the past. Generally, if I run two programs on the same desktop I expect them to be able to communicate to each other.

          Vista does introduce a huge change to window messaging: 1) session 0 isolation, where your apps never run in the same session as services and thus your apps can't send any messages to poorly-written services. 2) user-interface process isolation (UIPI) prevents lower-integrity apps from sending messages to higher-integrity apps. E.g. if someone tries to exploit a hole in your protected-mode IE, they will be unable to send any window messages to Explorer or any apps you ran as Admin. Also any "regular" apps you run are unable to send window messages to apps you ran as Admin. There is an API which allows these higher-integrity apps to opt-in to receiving certain specific messages from lower-integrity apps, but then it is the app making the choice.

          (Of course session 0 isolation wouldn't have been needed if people would have designed their services correctly to begin with.)
          PB_z
        • You "almost" sound convincing...

          But then again, trolls don't usually succeed.
          transposeIT
      • Yeah, well...

        Trolls never let reality or facts influence their juvenile rants. Just smile at him like you would any other mental defective. Oh, and wipe the drool off his chin if you don't mind... he tends to be a bit messy.
        Hallowed are the Ori
      • Linux is usable

        There are tons of free, non-name brand programs that do everything a user could need.

        Just check out Ubuntu and launch Synaptic. See how many programs there are. :)

        So a Linux user can use programs equivalent to the ones listed in this story AND still be free of viruses while on the net? What a great, usable computer that is. :)
        bricar2
        • Um, can it run CoD 4?

          ... not usable for me then...
          tikigawd
        • Usable?

          Keep on dreaming. Majority of users don't think it's worth sh*t.
          transposeIT
    • Now, I gotta correct a couple of things

      1) There are lots of updates to all my Linux software. Some usability, bug fixes and yes security
      2) Yes Linux is safer (than any non Vista version) simply because of non admin (yes, yes yes, XP can run some apps as non admin, the 19 people who run XP as non admin are more secure than the other 585 million)
      3) I think you mean you haven't heard of active exploits, but there are a LOT of potential security problems that get fixed.

      The real story is how trivially easy and time saving it is updating a Linux machine. For me it is 1 click, 1 enter root password, 1 read what I want to update, 1 click OK and 1 come back to find it done.

      NOTE: yes, in 2 years now, I have had to reboot twice for kernel upgrades. Reboot to update non kernel software!?, Why would a user need to do that, just restart the application. :D

      TripleII
      TripleII-21189418044173169409978279405827
    • again, Linux is safe folks

      There's no profit in attacking a TOY OS! And of course we've never heard of "heart" of security issue on Lynmux oops, I mean lineux!

      Please let Mickey and Goofy know they're still safe!
      fredfarkwater@...
  • Why not 89%?

    Given independant probabilities of 61%, 47%, 34%, and 20%, isn't the combined probability of one or more of them occurring 89%?
    TheTruthisOutThere@...
    • 89%

      How did you figure that a combined probability is higher than the largest of the independEnt ones...?
      tikigawd
  • Windows needs an apt-get interface, or similar.

    All MS software vendors register their new packages with the "wapt-get" database, and with a single click (Like Linux users enjoy), and all installed software gets updated.

    Wrinkles. 1) Order of reboots, which one needs to go when. 2) Overlap. Unlike Linux, all share the registry, and other common resources. 3) Never mind, #1 and #2 on current architecture, too much to go wrong.

    OK, how about a "wapt-get" NOTIFICATION mechanism. All software suppliers notify the database of most current version and through a central "notifier" the word gets out, each with its own developed upgrade mechanism.

    I once checked a friend's computer and 423 update daemons were running on his (W2K) PC. Boot time was ~5 minutes and the system was dog slow. Printer software vendor's daemon, Adobe updater daemons, Scanner updater daemon, it was a mess.

    Course, harder to sell upgrades, etc if you don't install your own update daemon.

    TripleII
    TripleII-21189418044173169409978279405827
    • 23, NOT 423. (NT)

      (NT)
      TripleII-21189418044173169409978279405827
    • Problem is: Who Will Certify Patches?

      There are several third-party apps that will help with this problem (guess what? Secunia makes one for sale to companies! Imagine that!) but ...

      Microsoft wants no part of certifying third-party stuff. (They have their own issues.) So apt-get for Windows from MS is a non-starter.
      PMC-CON
      • Yes, that's why I revised to simply a notifier.

        They need a central notifier, but it won't happen. MS would become responsible (appearance) and like I said, everyone needs distinct update daemons for every app. Not quite sure that I was thinking? :D

        TripleII
        TripleII-21189418044173169409978279405827
  • RE: Secunia: Skype, Java, QuickTime, PDF patches oh my; It's been an ugly 2

    Hyperbole, anyone? Let's see, I guess I am one of the fortunate few who magically doesn't need any of these "critical" updates. Let's all panic: Adobe Acrobat and Apple Quicktime need Updates. Well, the sun in the morning and the moon at night. Neither company can produce safe and stable software, so the ubiquitous Acrobat and Quicktime updates are inevitable. And, sorry Secunia, Skype does not, apparently, require any update on my system. Just plain vanilla Vista 64-bit.
    nduccini@...
  • RE: Secunia: Skype, Java, QuickTime, PDF patches oh my; It's been an ugly 24 hours for Windows users

    Better VMWare with SUN and Windows in mind is a Grande Latte Mocha Expresso! or beg for it from Phoenix Bios as an J2SE Update for 1.5.0_5; I even heard it is a quadcore JRE patch...I wonder if Mi-crows and calves style this kind of dribble, lol!
    rtirman37@...