Microsoft, Adobe patch critical security flaws

By Dylan Bushell-Embling
Monday, 15 April, 2019

Microsoft has used its monthly Patch Tuesday to issue fixes for more than 70 vulnerabilities found in various software, including at least two that are already being exploited in the wild.

The 15 patches include patches for two vulnerabilities that according to security company Rapid7 are zero day exploits that affect all supported versions of Windows.

The vulnerabilities can result in unauthorised elevation of privilege that could allow attackers to respectively run arbitrary code in kernel mode, and to install programs, view change and delete data, and create new accounts with full user rights.

The vulnerabilities require attackers to have first obtained local access to an affected system, but according to Rapid7, when combined with one of the remote code execution vulnerabilities also patched by Microsoft, could be used to obtain full control of a system as part of an exploit chain.

Microsoft has also issued patches for various software including its Internet Explorer and Edge web browsers, as well as Microsoft Office, Sharepoint and Exchange. These include 32 remote code execution vulnerabilities.

Meanwhile, Adobe has also issued fixes for several products, including Flash, Reader and Shockwave Player.

This includes an update to resolve multiple critical memory corruption vulnerabilities in Shockwave Player that could lead to arbitrary code execution attacks, which was issued on the same day as Adobe officially ended support for the obsolete program.

Image credit: ©James Thew/Dollar Photo Club

Information Technology Professionals Association (ITPA) is a not-for-profit organisation focused on continual professional development for its 18,700 members. To learn more about becoming an ITPA member, and the range of training opportunities, mentoring programs, events and online forums available, go to www.itpa.org.au.