The Inquirer

Microsoft and Adobe unleash more than 100 bug fixes in bumper Patch Tuesday

Firms address dozens of 'critical' security flaws

By Graeme Burton (@graemeburton), 15 November 2017

MICROSOFT AND ADOBE have released more than 100 patches between them to address dozens of security flaws, many of them rated 'critical'.

Microsoft's 53 patches address 20 bugs rated critical across its Edge and Internet Explorer browsers, as well as Office and, obviously, various iterations of the Windows operating system.

There aren't any zero-day security flaws that require an urgent patch, although four of the bugs are publicly known but not yet exploited.

Chris Goettl, manager of product management security at Ivanti, provider of LanDesk, described Microsoft's Patch Tuesday action as "fairly tame".

He continued: "[There are] 47 total unique vulnerabilities resolved across 11 updates. Two of these have been publicly disclosed, which means enough information has been released to the public to allow a threat actor to create an exploit or at least giving them a jump start on where to begin."

Goettl highlighted two particular vulnerabilities affecting both Internet Explorer and Edge, CVE-2017-11827 and CVE-2017-11848. 

"CVE-2017-11827 affects both IE and Edge. This vulnerability could be used in user-targeted attacks, like a phishing email or exploiting a website, then convincing a user to open a malicious attachment or content.

"Once exploited the attacker would gain equal rights to the current user. If the user is a full administrator the attacker would gain control of the affected system.

"The second vulnerability (CVE-2017-11848) is an information disclosure vulnerability in Internet Explorer that could allow an attacker to track the navigation of the user leaving a maliciously crafted page," he warned.

Greg Wiseman, a senior security researcher at security company Rapid7, pointed out that web browser issues account for two-thirds of Microsoft's patched vulnerabilities this month, with Edge out-scoring Internet Explorer two-to-one (24 to IE's 12).

"No non-browser vulnerabilities are considered critical this month, but with a little bit of social engineering, an attacker could theoretically combine one of the Office-based RCE vulnerabilities, like CVE-2017-11878 or CVE-2017-11882, with a Windows kernel privilege escalation weakness, such as CVE-2017-11847, to gain complete control over a system," he said.

"Thankfully, none of the patched vulnerabilities this time around are known to be exploited in the wild."

At least, not yet.

Adobe, meanwhile, offered up a treat of 83 patches, including five rated critical for the usually utterly secure Flash Player. All five of these security flaws enable remote code execution in Adobe Flash if left unpatched.

Adobe's trove of patches also fixes 62 security flaws in Acrobat and Acrobat Reader, including a plethora of remote code execution flaws.

A number of other items of Adobe software also require urgent fixes, including Photoshop, Adobe Digital Editions, Shockwave, InDesign and Connect. All have at least one flaw rated critical, so if you're running anything made by Adobe you basically need to get it patched as a matter of urgency. µ
