Leave a comment

7 critical Microsoft and Adobe threats to fix - Hackers already using one to spread malware!

7 critical Microsoft and Adobe threats to fix - Hackers already using one to spread malware!

Happy Holidays, everyone! If you are a regular reader of Komando.com, you should know by now that Microsoft issues a set of cumulative updates once a month. This day, which usually falls on the second Tuesday of each month, is unofficially called Patch or Update Tuesday by tech fans and savvy Windows PC users alike.

It's not exactly a big red-letter day for the tech industry but IT professionals and regular consumers mindful of computer security are always eager to know what each Patch Tuesday brings. These updates usually contain bug fixes, security patches and malware database refreshes for supported Windows operating systems and a slew of Microsoft software products.

December 2016 Microsoft Updates

We recommend that you check this month's Microsoft's patches as soon as possible since they close three publicly disclosed vulnerabilities. Although being publicly known does not necessarily mean that these flaws are being actively exploited, it does give hackers a head start.

Critical Patches

MS16-144 addresses bugs in Internet Explorer, which can allow remote code execution.  Three of these flaws are publicly known:

CVE-2016-7282 – a browser information disclosure vulnerability

CVE-2016-7281 – a browser security feature bypass bug

CVE-2016-7202 – a scripting engine memory corruption vulnerability

MS16-145 is a Microsoft Edge update that patches flaws in object handling in memory that can lead to remote code execution. Similar to the Internet Explorer flaws, three of these are publicly disclosed:

CVE-2016-7206  and CVE-2016-7282 - a browser information disclosure vulnerability

CVE-2016-7281 - a browser security feature bypass bug

MS16-146 fixes holes in Windows Graphics Components that can lead to remote code execution and information disclosure.

MS16-147 patches a remote code execution hole in Microsoft Uniscribe's object handling in memory.

MS16-148 is a cumulative update to fix security flaws in Microsoft Office, which can lead to remote code execution. These whopping 16 vulnerabilities include memory corruption bugs, security feature bypass flaws, Office information disclosure and an elevation of privilege bug in Microsoft AutoUpdate.

The most critical of this set of updates is MS16-154 which patches 17 flaws including a fix for a zero-day exploit. As you may well know, zero-day vulnerabilities are previously unknown software exploits that are already being used by hackers even before the software makers are made aware of them, so make sure you apply this patch especially if you're still using Adobe Flash.

A small update in this batch is not a security patch but a software fix that may interest quite a few users. This update, KB3206632, fixes a Wi-Fi connection issue reported for Windows 10.

Adobe Patch Tuesday

Similar to Microsoft's update cycle, Adobe also has their own Patch Tuesday for patching and fixing flaws in their software products.

This month's Adobe update includes the fix for the zero-day Flash Player fix (same as Microsoft's bundled Adobe fix). This fixes attacks aimed at 32-bit Windows Internet Explorer browser. This could be related to the Javascript and Flash hack we have reported about recently.

Other critical Adobe Flash patches include buffer overflow and memory corruption vulnerabilities, which can all lead to remote code execution.

Update Now

How to update Windows

Most Windows machines are set to download and install updates automatically by default. If you haven't changed your automatic update settings then you should be fine.

But if you want to check, here's how:

 

Automatic Windows updates

 

On Windows 10, click Start (Windows logo), choose "Settings," select "Update & Security," then on the "Windows Update" section, click on "Advanced Options." (Note: the "Windows Update" section is also handy for showing you updates that are currently being downloaded or applied.) Under "Advanced Options," just make sure the drop down box is set to "Automatic."

If you have an older Vista or Windows 7 system, check out our tips on how to set up and check Windows Updates.

Update Flash

For Chrome, Internet Explorer 11, and Microsoft Edge browsers, the updates should be applied automatically after a restart. For other browsers, you may need to update the Flash plugin manually.

--> Click here to use our Adobe Flash Update Tool guide for download and install instructions.

The latest Flash Player version for Windows, Mac, Chrome, Microsoft Edge and Internet Explorer 11 and Linux is 24.0.0.186.

Next Story
How much would it cost to run Griswolds' Christmas lights from "National Lampoon's Christmas Vacation?"
Previous Happening Now

How much would it cost to run Griswolds' Christmas lights from "National Lampoon's Christmas Vacation?"

Get FREE shipping from your favorite retailers December 16th!
Next Happening Now

Get FREE shipping from your favorite retailers December 16th!

View Comments ()