Itpa webheader

Microsoft, Adobe patch critical security flaws


By Dylan Bushell-Embling
Monday, 15 April, 2019


Microsoft, Adobe patch critical security flaws

Microsoft has used its monthly Patch Tuesday to issue fixes for more than 70 vulnerabilities found in various software, including at least two that are already being exploited in the wild.

The 15 patches include patches for two vulnerabilities that according to security company Rapid7 are zero day exploits that affect all supported versions of Windows.

The vulnerabilities can result in unauthorised elevation of privilege that could allow attackers to respectively run arbitrary code in kernel mode, and to install programs, view change and delete data, and create new accounts with full user rights.

The vulnerabilities require attackers to have first obtained local access to an affected system, but according to Rapid7, when combined with one of the remote code execution vulnerabilities also patched by Microsoft, could be used to obtain full control of a system as part of an exploit chain.

Microsoft has also issued patches for various software including its Internet Explorer and Edge web browsers, as well as Microsoft Office, Sharepoint and Exchange. These include 32 remote code execution vulnerabilities.

Meanwhile, Adobe has also issued fixes for several products, including Flash, Reader and Shockwave Player.

This includes an update to resolve multiple critical memory corruption vulnerabilities in Shockwave Player that could lead to arbitrary code execution attacks, which was issued on the same day as Adobe officially ended support for the obsolete program.

Image credit: ©James Thew/Dollar Photo Club

Information Technology Professionals Association (ITPA) is a not-for-profit organisation focused on continual professional development for its 18,700 members. To learn more about becoming an ITPA member, and the range of training opportunities, mentoring programs, events and online forums available, go to www.itpa.org.au.

Related News

Microsoft names next Windows 10 feature update

The company has released the Windows 10 Insider Preview Build 19033 in both the fast and slow...

Regulators rebuke iiNet, Telstra, Optus

Regulators have taken enforcement action against iiNet, Telstra and Optus for breaching their...

ASX100 firms vulnerable to email security risks

86% of ASX100 companies aren't implementing email security best practices, leaving them...


  • All content Copyright © 2019 Westwick-Farrow Pty Ltd