Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
THE ENTERPRISE SECURITY SUPERSITE. UPDATED 3 MINUTES AGO.
You are here: Home / Data Security / Microsoft, Adobe Patch over 100 Bugs
Microsoft and Adobe Patch More than 100 Bugs
Microsoft and Adobe Patch More than 100 Bugs
By Shirley Siluk / Enterprise Security Today Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
NOVEMBER
15
2017
On November's Patch Tuesday yesterday, Microsoft and Adobe pushed out a large number of bug fixes. They included updates to resolve serious security flaws in Microsoft Office, the Internet Explorer and Edge Web browsers, and Adobe's Acrobat, Reader, Photoshop, and Flash Player.

Microsoft's update addressed a total of 53 vulnerabilities, four of which could open the door for security attacks. However, none of them appears to have been exploited in the wild at this point.

Adobe, meanwhile, patched more than five dozen vulnerabilities, including critical flaws that could enable remote code execution in Shockwave, Acrobat/Reader, and Flash Player.

In other developments, Microsoft today unveiled a new set of technologies and tools for developers looking to create cross-platform applications in the cloud.

Focus on Wireless and Flash Security

Beyond installing this month's patches, Microsoft users should also take care to ensure they've addressed other recent security issues, noted Gill Langston, director of product management and patching at Qualys, a cloud security and compliance firm. The most serious of these is the KRACK vulnerability identified in October, which could enable any Wi-Fi session to be hacked.

"It should also be noted that last Patch Tuesday, Microsoft quietly released the fix for CVE-2017-13080, widely known as the KRACK vulnerability in WPA2 wireless protocol, but did not make it known until a week later, when the vulnerability was publicly disclosed," Langson wrote in a blog post yesterday. "Therefore, it is recommended you ensure last month's security patches are fully addressed. Alternatively, you can install this month's Monthly Rollups, as they should include this fix."

In the meantime, anyone who browses the Web should ensure their browsers are updated to address critical bugs in Adobe's Flash Player, according to security writer Brian Krebs. Better still, users should try to avoid using Flash altogether, he added.

"Because Flash remains such a security risk, I continue to encourage readers to remove or hobble Flash Player unless and until it is needed for a specific site or purpose," Krebs wrote on his blog yesterday. "Another, perhaps less elegant, solution is to keep Flash installed in a browser that you don't normally use, and then to only use that browser on sites that require it."

Extended Windows 10 Support for Enterprises

In the meantime, enterprises moving to Microsoft's Windows-as-a-service model will gain some extra time to continue receiving security support for older versions of Windows 10, according to director of product marketing Michael Niehaus.

"To help some early enterprise adopters that are still finishing their transition to Windows as a service, we will be providing a supplemental servicing package for Windows 10, version 1511 for an additional six months, until April 2018, providing updates to address critical and important security issues that arise during that time," Niehaus wrote yesterday on Microsoft's TechNet blog. "These updates will be available to anyone using Windows 10 Enterprise, version 1511 or Windows 10 Education, version 1511. Updates will be offered via all normal channels, including Windows Update, WSUS, Configuration Manager, and the Windows Update catalog."

At its Connect(); 2017 event in New York today, Microsoft unveiled a new offering called Azure Databricks. Powered by Apache Spark, Databricks is designed to "help developers build applications and services for the AI-driven future," according to executive vice president Scott Guthrie. Azure Databricks includes native integration with Azure applications and Power BI to support the creation of data warehouses with self-service analytics and machine learning.

Image credit: iStock.

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
MORE IN DATA SECURITY

NETWORK SECURITY SPOTLIGHT
China-based Vivo will be the first company to come out with a smartphone featuring an in-display sensor for fingerprint security, beating Apple, Samsung, and other device makers to the punch.

ENTERPRISE SECURITY TODAY
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.