Microsoft has released this month’s patch which fixes 12 critical vulnerabilities, another 87 that are flagged as important, and two which were left unclassified. As shown in the following diagram, more than half of the fixes concern Windows, a notable 14% fixes problems in Win32k, 8% concern the scripting engine, while the kernel, the connected devices platform service, and the Windows CNG Key isolation service have also received attention this time. As for the types of vulnerabilities, 54% concern elevation of privilege problems, 18% enable hackers to conduct remote code execution attacks, and 17% have to do with information disclosure issues.
Here are the 12 vulnerabilities that have been classified as “critical”:
Monthly security updates for Windows aren’t optional, and shouldn’t be postponed for later. These vulnerabilities are now disclosed to the public, which means that malicious actors could start working on ways to take advantage of them now that they know of their existence. That said, you should immediately apply the patches and update your security software as well since it will receive the new rules for the detection of malicious activity in your system.
Together with Microsoft, Adobe has also released its patches, fixing a total of 17 CVEs just for Acrobat Reader. The 12 of these vulnerabilities are rated as critical, so applying the available patches on the software is crucially important. Besides the Reader, Adobe also released fixes for virtually their entire product range, and most notably the ColdFusion (12 fixes), Connect (9 fixes), Contribute Publishing Services, Creative Cloud Desktop (9 fixes), Dreamweaver (4 fixes), Experience Manager (11 fixes), Flash Media Server (5 fixes), Flash Player (21 fixes), Illustrator (5 fixes), InDesign (5 fixes), and Photoshop (15 fixes). For a full list of everything fixes, check out Adobe’s security bulletin.