Microsoft & Adobe Release Critical Security Patches for 120+ CVEs
Microsoft and Adobe have released critical security patches this month, addressing a total of 54 and 76 CVEs respectively. Microsoft's updates include fixes for 17 critical vulnerabilities, while Adobe's cover over 50 critical flaws in Acrobat and Reader alone.
Microsoft's Patch Tuesday addresses a wide range of issues, with the most critical vulnerabilities found in its browsers and browser-related technologies. A total of 16 CVEs were patched in this area, including the Lazy FP State Restore vulnerability published in June 2017 as part of the Spectre-NG vulnerability set. This vulnerability, along with another new side-channel attack on speculative execution, was ranked as Important.
Browser vulnerabilities should be prioritized for workstation type devices. Additionally, Microsoft patched a critical vulnerability in PowerShell Editor Services. Out-of-band patches were also released for Microsoft Exchange Server to address vulnerabilities in the Oracle Outside In library.
Adobe's updates include critical patches for Acrobat, Reader, and Flash. While Flash has only one critical CVE, Acrobat and Reader have over 50 critical CVEs each. These updates address multiple products and cover a range of vulnerabilities.
This month's security updates from Microsoft and Adobe address a significant number of critical vulnerabilities. Users are advised to apply these patches as soon as possible to protect against potential security threats. The updates cover a wide range of products and address various types of vulnerabilities, including those related to browser security, speculative execution, and software libraries.
