Microsoft issues critical Flash security update
Microsoft, despite deciding not to release any patches in February, has pushed out a critical security update containing patches developed by Adobe for the Adobe Flash Player.
The patch, MS17-005, updates Flash libraries contained within Internet Explorer 10 and 11 as well as Microsoft Edge to address exploits that could be used to trigger remote code execution.
According to Microsoft, an attacker could potentially exploit the vulnerabilities in unpatched versions of the browsers by hosting a specially crafter website designed to exploit them and convincing a victim to visit or by embedding an ActiveX control in an Office document hosting the IE rendering engine.
Affected software includes Windows 8.1, Windows RT 8.1, Windows 10, Windows Server 2016 and Windows Server 2012, although the impact is only listed as moderate and not critical for the latter OS.
The update also lists a series of potential workarounds to limit exposure to the vulnerability for unpatched systems, including disabling Flash, preventing it from running within Office 2010 and disabling ActiveX controls in Office 2010 or 2007.
Adobe released this month's Flash patches on the 14th of February, the same day Microsoft would traditionally have issued its Patch Tuesday Windows updates.
But Microsoft, after transitioning to a new model that removes the fixed schedule for issuing patches, this month revealed it will push back the release of the planned February updates until March.
Red Hat, IBM launch open source threat remediation tool
IBM and Red Hat have jointly launched an AI-powered solution for automating the...
Cloudflare launches superior CAPTCHA alternative
Cloudflare has launched into general availability a solution capable of continuously monitoring...
APAC workers in need of phishing training: report
A report from workforce security company KnowBe4 indicates that 1 in 3 Australian employees is...
