PREPARE THYSELF. Winter is coming, or something, and Microsoft and Adobe have stepped in to stop hackers cutting the heads off your systems and flaying them through zero-day vulnerabilities.
It's Patch Tuesday, not Game of Thrones, but it's still exciting stuff. This Patch Tuesday, on a Wednesday, is a thrill ride like the many before it. In case you wondered, Patch Tuesday sees Microsoft and Adobe tackling a range of problems in things like Windows and Flash.
The Microsoft Security Bulletin Summary for May 2016 is a doozy. It's probably worth the installation, and we recommend, as do a range of security companies, that you get on with it.
"This is one of the more intense Patch Tuesdays in a while. Make sure you continue to monitor what is going on," said Qualys CTO Wolfgang Kandek.
Microsoft fixes a number of problems, including CVE-2016-0189 that affects Internet Explorer and involves a nasty "remote memory-corruption vulnerability" according to a Symantec blog post.
"Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page. Attackers can execute arbitrary code in the context of the currently logged-in user," said the firm.
"Failed attacks will cause denial-of-service conditions. Internet Explorer 9, 10, and 11 are vulnerable."
The big problem for Adobe is another newly discovered critical Flash vulnerability. CVE-2016-4117 affects Flash on Windows, Macintosh, Linux and Chrome OS. Adobe said that the vulnerability can cause crashes and potentially allow a hacker to take remote control, and has already been seen in the wild.
Adobe acknowledged the CVE-2016-4117 risk earlier this week: "A critical vulnerability exists in Adobe Flash Player 220.127.116.11 and earlier versions for Windows, Macintosh, Linux and Chrome OS.
"Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2016-4117 exists in the wild."
This is just the tip of the patchberg, of course, and there are plenty of other patches for a plethora of problems.
"Microsoft has released its May updates and it was a rather large deployment with 16 total updates. The critical versus important was split down the middle with eight important and eight critical," said Michael Gray, VP of technology at Thrive Networks.
"Most of the critical are remote code execution, which is commonly the end result of exploits. Critical patches are still critical and we recommend deploying after your systems have been tested."
That's Microsoft. What about Adobe's beaten, broken, bastard Flash software? Well, Gray is not a fan.
"At this point, we should be wondering when Flash will just disappear. It's dying a slow death and it's not a surprise to see yet another critical update. Many application firewalls can disable Flash and it is recommended to do this," he added.
"Fortunately, many of the mainstream browsers have already disabled Flash for outdated versions."
Firm and fair. µ
Let's talk about sex baby, let's talk about emoji
Reddit, watched it, no t-shirt
Boosted bug bounty promises big booty
But it only supports a handful of apps