Get your update caps on, it's that time of the month everyone! Patch/Update Tuesday came and went yesterday and Microsoft and Adobe issued their usual monthly software patches to fix various vulnerabilities.
As we all know, it's important to update your software and apply the new patches as soon as possible to prevent attackers and hackers from exploiting these holes.
Microsoft issued 14 security bulletins yesterday that patched 47 vulnerabilities including seven marked as critical.
The updates include fixes for the Internet Explorer and Microsoft Edge browsers, Microsoft Office, Microsoft Exchange Server, Microsoft Graphics Component, Silverlight, and various components of the Windows OS. They also deployed patches for the Windows PDF Library and the Adobe Flash Player.
Ten of these security holes could lead to remote code execution so it's imperative that users update immediately.
One particular update for Internet Explorer 9 through 11 and the Microsoft Edge browser, CVE-2016-3351, is extremely critical since it is a zero-day exploit, meaning the hole is already being exploited in the wild. This vulnerability is reported to be in use by attackers for embedding malicious ads in websites that lead to ransomware installations if clicked on.
The other browser patches resolve memory corruption and information disclosure vulnerabilities while the updates for Exchange Server, Silverlight, and the scripting engines prevent remote code execution.
The security updates for Microsoft Office likewise resolves memory corruption and information disclosure vulnerabilities and one patch, CVE-2016-0137, is said to be a 10-year-old issue that allows hackers to bypass the protection mechanism in the Click-to-Run components of Microsoft Office.
Microsoft also bundled the Patch Tuesday updates for Adobe Flash Player with the rollout. These updates resolve issues in Flash Player that may lead to remote code execution.
This is likely the last Flash Player update included in Microsoft's monthly security bulletins since the company is moving on to their "monthly rollout" system next month. The new system will roll out all the patches in one single update file starting in October.
Aside from the Adobe Flash Player patches that were rolled out yesterday, the company also issued fixes for Digital Editions and Adobe AIR.
The Digital Edition patches eight memory corruption and use-after-free holes that could lead to remote code execution. These bugs affect Windows, OS X, iOS and Android.
The Adobe AIR SDK and Compiler received a single non-critical update that adds support for secure transmission of analytics for Android.
To read more about Microsoft's updates, check out their Security Bulletin.
For Adobe's updates, check out their Security Blog.