Microsoft issues critical Flash security update
The patch, MS17-005, updates Flash libraries contained within Internet Explorer 10 and 11 as well as Microsoft Edge to address exploits that could be used to trigger remote code execution.
According to Microsoft, an attacker could potentially exploit the vulnerabilities in unpatched versions of the browsers by hosting a specially crafter website designed to exploit them and convincing a victim to visit or by embedding an ActiveX control in an Office document hosting the IE rendering engine.
Affected software includes Windows 8.1, Windows RT 8.1, Windows 10, Windows Server 2016 and Windows Server 2012, although the impact is only listed as moderate and not critical for the latter OS.
The update also lists a series of potential workarounds to limit exposure to the vulnerability for unpatched systems, including disabling Flash, preventing it from running within Office 2010 and disabling ActiveX controls in Office 2010 or 2007.
Adobe released this month's Flash patches on the 14th of February, the same day Microsoft would traditionally have issued its Patch Tuesday Windows updates.
But Microsoft, after transitioning to a new model that removes the fixed schedule for issuing patches, this month revealed it will push back the release of the planned February updates until March.
Three prominent ransomware gangs have adopted a combined approach that sees consecutive attacks...
Organisations are increasing investments in technologies that allow them to provide a simpler,...
New research from Trend Micro has revealed that 48% of Australian organisations feel their cyber...