Microsoft, Adobe drop patches for dozens of bugs

Share this article:

Microsoft and Adobe on Tuesday both shipped security updates for their widely deployed products, with the former issuing seven patches to address 12 vulnerabilities and the latter distributing fixes for Reader, Acrobat and Flash.

Researchers said the two Microsoft bulletins to focus on are MS13-001, which corrects a single bug in Windows Print Spooler that could allow remote code execution, and MS13-002, which remedies two vulnerabilities in XML Core Services.

The XML flaws could be exploited via a malicious web page in Internet Explorer, according to Microsoft.

"This [patch] impacts a dog's breakfast of Microsoft operating systems and applications, including Windows 8, RT (which runs on mobile devices) and Server 2012," said Ross Barrett, senior manager of security engineering at Rapid7, a vulnerability management firm, in prepared comments. "One thing to watch out for in this type of vulnerability is applying all the patches that apply to a system...Administrators will have to patch for each affected component."

Left off the patch batch was a fix for a zero-day vulnerability in Internet Explorer which has been used to serve malware from a few high-profile websites. Microsoft has issued a temporary workaround, and IE 9 and 10 are not affected.

Meanwhile, Adobe on Tuesday updated Reader and Acrobat for 27 vulnerabilities, and Flash for a single weakness. The company said it was not aware of any of the bugs being used in active attacks.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Company news: New hires at Accuvant, ZeroFox and ThreatStream

New hires at Accuvant, ZeroFOX and ThreatStream, while a divestiture at Juniper and an acquisition for BlackBerry.

News briefs: The latest on Sony, Android, Backoff malware and more.

News briefs: The latest on Sony, Android, Backoff ...

This month's news briefs cover a preliminary settlement Sony will bear for the exposure of 77 million customers, and more.

CryptoWall surpasses CryptoLocker in infection rates

CryptoWall surpasses CryptoLocker in infection rates

A threat analysis from Dell SecureWorks CTU says that CryptoWall has picked up where its famous sibling left off.