Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Microsoft Patch Tuesday Quiet, But Adobe Issues Critical Security Updates

In the world of Microsoft security updates, 2014 is starting off softly.

In the world of Microsoft security updates, 2014 is starting off softly.

The company issued just four updates today for Patch Tuesday, none of which reached its highest severity rating of ‘critical.’ That does not mean the patches can be ignored however.

“Our top deployment priority for this month is MS14-002, which addresses a publicly known issue in the Windows Kernel,” blogged Dustin Childs, group manager of response communications for Microsoft Trustworthy Computing.

“This bulletin addresses the issue first described in Security Advisory 2918840, which allows an attacker to perform an elevation of privilege if they are able to log on to a system and run a specially crafted application,” Childs continued. “We are aware of targeted attacks using this vulnerability, where attackers attempt to lure someone into opening a specially crafted PDF to access the system. Even when we first saw this, the PDF portion of the attack did not affect those with a fully updated system.”

Advertisement. Scroll to continue reading.

In addition to MS14-002, there is a separate privilege escalation issue addressed by MS14-003 that impacts Windows kernel-mode drivers. The other two security bulletins affect Microsoft Dynamic AX and Microsoft Word and Office Web apps.

“It’s a pretty easy prioritization this month, patch MS14-002 if it applies to you, then 001 [Microsoft Office] and 003 if it also applies,” advised Ross Barrett, senior manager of security engineering at Rapid7. “If you are worried about 002 and not 003, you are likely going to have some problems come April when support ends for Windows XP.”

“If you have Dynamics in your environment, don’t overlook this patch,” he added. “It’s the type of system where downtime can have a material cost to your business.”

But even though IT admins do not have much to do this month on the Microsoft update front, there are other security updates that were released today that can help fill the gap. Among them are patches from Adobe Systems for Adobe Reader, Acrobat and Flash Player. The Reader and Acrobat XI (11.0.05) and earlier updates are for Windows and Mac computers. According to Adobe, the updates address issues that could cause a crash and potentially allow an attacker to take control of the affected system.

In the case of the Flash Player vulnerabilities, the updates are for versions 11.9.900.170 and earlier for Windows and Mac, and Flash Player 11.2.202.332 and earlier versions for Linux. The vulnerabilities could potentially allow an attacker to take control of the affected system.

None of the vulnerabilities are known to be under attack, according to Adobe.

Separately, BlackBerry issued a warning today that its newest smartphones and tablets are at risk of remote code execution attacks via vulnerabilities in Adobe Flash Player. According to the security advisory, a malicious hacker could booby-trap Adobe Flash content and lure users into visiting rigged Web pages or downloading Adobe Air applications.

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Omkhar Arasaratnam, former GM at OpenSSF, is LinkedIn's first Distinguised Security Engineer

Defense contractor Nightwing has appointed Tricia Fitzmaurice as Chief Growth Officer.

Xage Security has appointed Russell McGuire as CRO and Ashraf Daqqa as VP of the META region.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.