Microsoft, Adobe patch critical security flaws
The 15 patches include patches for two vulnerabilities that according to security company Rapid7 are zero day exploits that affect all supported versions of Windows.
The vulnerabilities can result in unauthorised elevation of privilege that could allow attackers to respectively run arbitrary code in kernel mode, and to install programs, view change and delete data, and create new accounts with full user rights.
The vulnerabilities require attackers to have first obtained local access to an affected system, but according to Rapid7, when combined with one of the remote code execution vulnerabilities also patched by Microsoft, could be used to obtain full control of a system as part of an exploit chain.
Microsoft has also issued patches for various software including its Internet Explorer and Edge web browsers, as well as Microsoft Office, Sharepoint and Exchange. These include 32 remote code execution vulnerabilities.
Meanwhile, Adobe has also issued fixes for several products, including Flash, Reader and Shockwave Player.
This includes an update to resolve multiple critical memory corruption vulnerabilities in Shockwave Player that could lead to arbitrary code execution attacks, which was issued on the same day as Adobe officially ended support for the obsolete program.
Information Technology Professionals Association (ITPA) is a not-for-profit organisation focused on continual professional development for its 18,700 members. To learn more about becoming an ITPA member, and the range of training opportunities, mentoring programs, events and online forums available, go to www.itpa.org.au.
The Australian IT spending market is on track to grow 3% in 2019 despite expected declines in...
The Australian networking infrastructure market stagnated with just 0.81% growth in 2018, due to...
The consortium behind the Southern Cross Cable Network has contracted Alcatel Submarine Networks...