This month’s Microsoft Patch Tuesday includes important updates that patch two zero-day vulnerabilities that are already being actively exploited.
Read More This month’s Patch Tuesday entry patched a number of critical vulnerabilities from Microsoft and Adobe, including a DNS-related vulnerability, CVE-2018-8225 and a critical Flash Player vulnerability, CVE-2018-5002.
Read More Microsoft has rolled out its Patch Tuesday for April to address security issues in Internet Explorer (IE), Edge, ChakraCore, Visual Studio, Microsoft Office and Office Services and Web Apps, and Malware Protection Engine. Of the 67 listed vulnerabilities, 24 were rated critical. Eight of these were disclosed through Trend Micro’s ZDI program.
Read MoreOn March 10, Adobe has released an emergency out-of-band update to fix a zero-day vulnerability that was being used in targeted attacks. The vulnerability was designated as CVE-2016-1010. To analyze this vulnerability, I examined an earlier version of the Flash Player (Flash32_19_0_0_185.ocx file on Windows 7) to find the root cause of the vulnerability.
Read MoreFollowing its release of a security update for Acrobat and Reader, Adobe has released another one, this time to address 23 reported vulnerabilities in Flash. In its advisory (APSB16-08), Adobe notes that this patch addresses critical vulnerabilities that could allow an attack to gain control of an affected system. They further note that one of the vulnerabilities (CVE-2016-1010) “is being used in limited, targeted attacks.”
Read More