Microsoft, Adobe issue security updates for more than 50 bugs

Share this article:

Microsoft and Adobe on Tuesday put security administrators to work with the release of security updates covering a swath of issues.

And they're going to have to work fast, as each software provider is patching a vulnerability that is under active exploitation.

Microsoft's update consists of five "critical" and four "important" bulletins, addressing 26 deficiencies in Windows, Internet Explorer (IE), Exchange Server, SQL Server, Server Software, Developer Tools, and Office.

Security researchers who analyzed the patches mostly agreed over which patch is the most pressing to apply: MS12-60. The vulnerability, which impacts Windows Common Controls, is similar to an issue patched in April. According to Microsoft, "limited, targeted" exploits have been spotted that take advantage of the flaw.

"It affects all platforms of Windows and addresses an ActiveX component that's redistributed in many places in Windows," said Paul Henry, security and forensic analyst at Lumension. "It's an issue that was previously patched, and this month's patch cleans up the previous one. This is a very high priority update because it's native in Windows and impacts all Windows platforms."

Adobe, meanwhile, offered updates to its Reader, Acrobat, Shockwave Player and Flash Player products. Reader/Acrobat were upgraded to plug 20 vulnerabilities, Shockwave received five patches and Flash received one fix.

But it was the Flash update that is most important. Adobe said in an advisory that the vulnerability is being actively exploited by attackers in "limited, targeted attacks" against users of Flash for Internet Explorer in Windows.

Microsoft offered a number of other fixes that piqued researchers' interests.
Page 1 of 2
Share this article:

Sign up to our newsletters

More in News

Brazilian president signs internet 'Bill of Rights' into law

Brazilian president signs internet 'Bill of Rights' into ...

President Dilma Rousseff signed the legislation on Wednesday at the NetMundial conference in Sao Paulo.

Android trojan sends premium SMS messages, targets U.S. users for first time

Android trojan sends premium SMS messages, targets U.S. ...

An SMS trojan for Android, known as FakeInst, has been observed sending premium SMS messages to users all over the world, including, for the first time, the United States.

Report: DDoS up in Q4 2013, vulnerability scanners leveraged to exploit sites

Report: DDoS up in Q4 2013, vulnerability scanners ...

Researchers observed 346 DDoS attacks in the final quarter of 2013 and attackers used Vega and Skipfish vulnerability scanners to exploit web flaws at financial companies.