Security Experts:

Connect with us

Hi, what are you looking for?



Microsoft, Adobe Patch Dozens of Security Vulnerabilities

Microsoft and Adobe released on Tuesday security updates to patch a large number of vulnerabilities in their products.

Microsoft and Adobe released on Tuesday security updates to patch a large number of vulnerabilities in their products.

Microsoft released 14 security bulletins to address a total of nearly 60 vulnerabilities affecting Windows, Internet Explorer, .NET, Office, Lync, Silverlight, and the new Edge web browser. A couple of flaws rated “critical” have been identified in the recently released Windows 10 operating system.

One of the most serious issues fixed with the August 2015 security updates is a privilege escalation vulnerability affecting the Mount Manager in Windows (CVE-2015-1769). The flaw can be exploited by inserting a malicious USB device into the targeted system. While attacks involving USB devices might not be considered very dangerous, Microsoft says it has reason to believe this vulnerability has been exploited in targeted attacks.

Another vulnerability exploited by malicious actors is a memory corruption flaw (CVE-2015-1642) in Office. The vulnerability has been addressed with the release of the MS15-081 bulletin.

Security firm Qualys has named the Office bulletin MS15-081 the highest priority item of the month. Experts have pointed out that this bulletin is rated “critical,” which is rare for Office updates because Microsoft decreases the severity rating of a security bug if user interaction is required (e.g. opening a specially crafted document).

“But CVE-2015-2466 is rated critical on Office 2007, Office 2010 and Office 2013 indicating that the vulnerability can be triggered automatically, possibly through the Outlook e-mail preview pane, and provide Remote Code Execution (RCE), giving the attacker control over the targeted machine,” Wolfgang Kandek, CTO of Qualys, explained in a blog post.

Adobe’s security updates address a total of 35 vulnerabilities affecting the Windows, Mac and Linux versions of Flash Player, a highly vulnerable piece of software that is often abused by malicious actors.

Adobe Flash Player for Mac and Windows, and Flash Player for Linux patch a series of use-after-free, integer overflow, buffer overflow, and type confusion vulnerabilities that can be exploited for arbitrary code execution. The latest versions also further harden a mitigation introduced in Flash to defend against vector length corruptions, Adobe said.

Experts from Fortinet, Google, Alibaba, and Qihoo 360 have been credited by Adobe for reporting the vulnerabilities.

The Flash Player patches have also been included in Google Chrome, Internet Explorer 10 and 11, and Microsoft Edge.

Adobe says it’s currently not aware of exploits in the wild for any of the vulnerabilities addressed in these updates.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.


GoAnywhere MFT users warned about a zero-day remote code injection exploit that can be targeted directly from the internet