Microsoft issues critical Flash security update
Microsoft, despite deciding not to release any patches in February, has pushed out a critical security update containing patches developed by Adobe for the Adobe Flash Player.
The patch, MS17-005, updates Flash libraries contained within Internet Explorer 10 and 11 as well as Microsoft Edge to address exploits that could be used to trigger remote code execution.
According to Microsoft, an attacker could potentially exploit the vulnerabilities in unpatched versions of the browsers by hosting a specially crafter website designed to exploit them and convincing a victim to visit or by embedding an ActiveX control in an Office document hosting the IE rendering engine.
Affected software includes Windows 8.1, Windows RT 8.1, Windows 10, Windows Server 2016 and Windows Server 2012, although the impact is only listed as moderate and not critical for the latter OS.
The update also lists a series of potential workarounds to limit exposure to the vulnerability for unpatched systems, including disabling Flash, preventing it from running within Office 2010 and disabling ActiveX controls in Office 2010 or 2007.
Adobe released this month's Flash patches on the 14th of February, the same day Microsoft would traditionally have issued its Patch Tuesday Windows updates.
But Microsoft, after transitioning to a new model that removes the fixed schedule for issuing patches, this month revealed it will push back the release of the planned February updates until March.
Australian ransomware payments average at $9.27 million
Data from Sophos suggests that Australian businesses falling victim to a ransomware attack...
Akamai launches zero trust platform
Akamai's new Guardicore platform combined Zero Trust Network Access with microsgmentation to...
Veeam buys ransomware response company Coveware
Veeam has arranged to augment its cyber extortion incident response capabilities with the...