This month’s Microsoft and Adobe Patch Tuesday is a huge release from both vendors.
Microsoft has released fifteen bulletins that address a total of 33 vulnerabilities for their products.
Adobe has released one security bulletin that addresses a total of 92 vulnerabilities for Adobe Acrobat and Reader.
All total, Microsoft and Adobe patched 125 vulnerabilities this month.
In addition to this being a big month for Microsoft and Adobe, it’s a big month for our Zero Day Initiative. A total of 54 of the vulnerabilities (over 43%) patched by Microsoft and Adobe are vulnerabilities we brought to them through our Zero Day Initiative. Of those, 27 (over 21%) were found by our own researchers. But the most notable thing is that one researcher, AbdulAziz Hariri, single-handedly accounts for 25 of the Adobe vulnerabilities fixed this month. That’s 27% of the Adobe fixes and 20% of all the vulnerabilities fixed by Microsoft and Adobe.
TippingPoint customers have been protected against 41 (32%) of this month’s Patch Tuesday vulnerabilities ahead of Patch Tuesday, thanks to our DVLabs team working with our ZDI Team to deliver filters ahead of these fixes (well ahead in some cases).
With this month’s Patch Tuesday, Microsoft closes out their vulnerabilities discovered in Vancouver BC at this year’s Pwn2Own event. Last month, Adobe and Google addressed their Pwn2Own Vulnerabilities. With this month’s Patch Tuesday and Microsoft’s fixes, 13 of the 21 new vulnerabilities found in March have been fixed. Apple is the sole vendor with vulnerabilities left to fix with 8 vulnerabilities total, 5 in OS X, 3 in Safari.
New Pwn2Own Vulnerabilities:
- Adobe Flash: 4 – Fixed
- Google Chrome: 1 (a duplicate of a previous, independently reported vulnerability)
- Microsoft Windows: 6 – Fixed
- Microsoft Edge: 2 – Fixed
- Apple OS X: 5 – Not Fixed
- Apple Safari: 3 – Not Fixed
Total Found: 21
Total Fixed as of May 11, 2016: 13
With this month’s Patch Tuesday, our customers using Deep Security and Office Scan with Vulnerability Protection also have protections against vulnerabilities being patched by Microsoft and Adobe.
You can get full details on all the protections from our posting over at our Security Intelligence blog.