Leave a comment

Critical Microsoft and Adobe security holes you need to patch now

Critical Microsoft and Adobe security holes you need to patch now
© Dennizn | Dreamstime.com

Every month, Microsoft issues a set of cumulative updates. This day, which usually falls on the second Tuesday of each month, is unofficially called "Patch Tuesday" or "Update Tuesday" by tech fans and savvy Windows PC users alike.

This month, Microsoft issued fixes for 46 security flaws in Windows and other Microsoft software products. Of these fixes, 25 were rated critical, 21 were deemed important. Among these flaws a whopping 27 can be exploited to run remote code, meaning they can allow an attacker to take over a computer.

August 2017 Microsoft fixes

Aside from fixes for all supported Windows systems, this month's set of patches also addresses issues in Microsoft's Edge browser, Internet Explorer, SharePoint, Hyper-V and even a patch for the Linux subsystem in Windows. According to Microsoft, none of these flaws are currently being exploited in the wild.

The most critical fix that you need to apply now is a flaw in Windows Search that can allow an attacker to send specially crafted messages to the Windows Search service and take control of a computer remotely (CVE-2017-8620).

This month's release also has numerous patches that involve the Windows Scripting Engine. Bugs in this engine can affect Windows browsers and Microsoft Office and should be applied as soon as possible on systems that use email and rely on Windows browsers for internet access.

Other important security updates address vulnerabilities in the Windows font library that can allow an attacker to execute remote code via a poisoned website or file (CVE-2017-8691). A remote code execution vulnerability in Windows 10 through Microsoft Edge's PDF viewer was also fixed (CVE-2017-0293).

As expected, Microsoft did not patch the SMBLoris flaw we reported about recently. Since SMBLoris affects all versions of the SMB service in all versions of Windows, the best way to protect your system is to block off ports 445 and 139 in your firewall from the internet and limit their access internally.

Adobe Updates

As usual, Adobe also released its own security updates for its software products, including Adobe Flash, Adobe Acrobat and Acrobat Reader. The patches address 67 vulnerabilities across Adobe products, 43 of which were deemed critical. Thankfully, none of the flaws are reportedly being exploited by hackers (Adobe patch details).

Most of the critical fixes are for remote code execution and information disclosure vulnerabilities for Adobe Acrobat and Acrobat Reader so update as soon as you can if use these products for viewing documents.

Adobe also issued two security fixes for Adobe Flash that address a critical type confusion vulnerability that could lead to code execution and an important security bypass vulnerability that could lead to information disclosure. If you're still using Flash, please update your version to 26.0.0.151 immediately. Keep reading for instructions on how to update this software.

How to update Windows

Most Windows machines are set to download and install updates automatically by default. If you haven't changed your automatic update settings then you should be fine.

But if you want to check, here's how:

 

Automatic Windows updates

 

On Windows 10, click Start (Windows logo), choose "Settings," select "Update & Security," then on the "Windows Update" section, click on "Advanced Options." (Note: the "Windows Update" section is also handy for showing you updates that are currently being downloaded or applied.) Under "Advanced Options," just make sure the drop down box is set to "Automatic."

If you have an older Vista or Windows 7 system, check out our tips on how to set up and check Windows Updates.

Update Adobe Flash

Adobe Flash updates are included in Microsoft's Windows updates.

For Chrome, Internet Explorer 11, and Microsoft Edge browsers, the updates should be applied automatically after a restart. For other browsers, you may need to update the Flash plugin manually.

--> Click here to use our Adobe Flash Update Tool guide for download and install instructions.

The latest Flash Player version for Windows, Mac, Chrome, Microsoft Edge and Internet Explorer 11 and Linux is 26.0.0.151

Update Adobe Acrobat

Adobe recommends users update their software installations to the latest versions by following the instructions below.

  • Users can update their product installations manually by choosing Help > Check for Updates.
  • The products will update automatically, without requiring user intervention, when updates are
    detected.
  • The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center.

More from Komando.com:

Guy who wrote the bible on passwords: I was wrong

Turn this Windows service OFF right now! It leaves you vulnerable to attacks

Microsoft releases new Windows 10 preview!

Next Story
Guy who wrote the bible on passwords: I was wrong
Previous Happening Now

Guy who wrote the bible on passwords: I was wrong

Phishing emails tricking people into falling for tech support scams
Next Happening Now

Phishing emails tricking people into falling for tech support scams

View Comments ()