Adobe and Microsoft today each independently released security updates to fix critical problems with their products. Adobe issued patches for Adobe Reader/Acrobat, Flash Player and AIR, while Microsoft pushed nine security updates to address at least 37 security holes in Windows and related software.
Microsoft has emitted a new version of EMET – its Enhanced Mitigation Experience Toolkit.
Redmond often recommends deployment of EMET as a frontline defence against attacks, so the release of a new version is noteworthy.
The big two enhancements that Microsoft is talking up the loudest are an improved Attack Surface Reduction (ASR) tool “... configured to block some modules and plug-ins from being loaded by Internet Explorer while navigating to websites belonging to the Internet Zone”.
Adobe Systems released emergency security updates for Flash Player in order to fix a vulnerability that has been exploited in attacks against users since earlier this month.
The attacks were discovered by security researchers from Kaspersky Lab and were launched from a website set up by the Syrian Ministry of Justice to receive complaints about law violations. It’s not clear who was behind the attack, but the site had been compromised in the past by hackers.
Adobe has released a fix for a zero-day vulnerability in Flash Player, which impacts users running Windows, Mac and Linux operating systems.
The company yesterday urged Windows and Mac users to download Flash Player versions 188.8.131.52 and 11.7.700.261 (for those who cannot update to version 12.0). Those running Flash on Linux systems were directed to install version 184.108.40.2066 of the plug-in.
Adobe is recommending that users update their Flash Players immediately -- especially those who frequent Google Chrome and Internet Explorer. The company released an emergency security bulletin on Tuesday that addresses vulnerabilities in Flash, which could be exploited by hackers.
"This vulnerability could allow an attacker to remotely take control of the affected system," Adobe wrote in a blog post. "Adobe is aware of reports that an exploit for this vulnerability exists in the wild, and recommends users apply the updates referenced in the security bulletin."