Patch Tuesday: Microsoft Tackles 48 Flaws, But Adobe Acrobat Dominates

Microsoft has issued fixes for 48 vulnerabilities spread across six products in its August ‘Patch Tuesday’ security update.

But instead of Microsoft flaws dominating, attention should rather be focused on Adobe, which has patched 67 flaws, 43 of which are ‘critical’.

And for once Adobe Flash is not the main culprit, but rather Acrobat and Acrobat Reader.

On the Microsoft side, it patched 48 flaws, 15 of which affect Windows. Although Microsoft says that 25 of these vulnerabilities are ‘Critical’ and 27 can result in Remote Code Execution, the good news is that none of these vulnerabilities are currently being exploited in the wild.

“Top priority for patching should go to CVE-2017-8620, which is a vulnerability in the Windows Search service,” said Qualys’ Jimmy Graham. “This is the third Patch Tuesday to feature a vulnerability in this service.”

“Many of the vulnerabilities in this month’s release involve the Scripting Engine, which can impact both browsers and Microsoft Office, and should be considered for prioritizing for workstation-type systems that use email and access the internet via a browser.”

“It was a busy month, with a total of 48 security issues fixed,” added Bobby McKeown, senior manager of engineering at Rapid7. “All of these have a severity of ‘critical’ or ‘important’, with Remote Code Execution vulnerabilities again figuring highly particularly with Microsoft Edge.

What is your biggest cybersecurity concern?

  • Ransomware (28%)
  • Humans / Social Engineering (27%)
  • State sponsored hackers (14%)
  • Malware (14%)
  • Other (7%)
  • Out of date tools (6%)
  • DDoS (4%)

Loading ...

Adobe Flaws

But it could be argued that in August Adobe flaws have overshadowed the Microsoft Patch Tuesday update.

One in particular targeted Adobe Acrobat Reader DC. An arbitrary code execution vulnerability that could potentially be achieved using a social engineering attack was discovered by Cisco’s Talos cybersecurity division.

“For non-Microsoft updates, we have 4 overall from Adobe,” said Ivanti’s Chris Goettl. “The Flash Player update is rated as Priority 1, the other three are rated as Priority 2.  The Acrobat\Reader update is a bit odd this month. 69 total CVEs resolved, 43 of which are rated as Critical CVEs yet it is still rated as a Priority 2.”

Compare this to the Flash update with 2 CVEs, 1 of which was Critical and the math just does not add up…,” he added. “Open question to Adobe on that one, but probably safer to put the Acrobat\Reader update into your Priority 1 bucket this month to be on the safe side.”

Elsewhere, Mozilla Firefox has released Firefox 55 and ESR 52,which fix 29 CVEs, including 5 that are critical

Quiz: Know all about Microsoft?

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

AT&T Admits Data Breach Impacted “Nearly All” Customers

American telecommunications giant AT&T admits that “nearly all” customer accounts were compromised in 2022 breach

12 hours ago

Elon Musk’s X Breached DSA Rules, EU Finds

X's Blue checks 'used to mean trustworthy sources of information. Now our preliminary view is…

16 hours ago

Japan’s SoftBank Acquires AI Chip Start-up Graphcore

SoftBank Group has purchased another British chip firm, with the acquisition of Bristol-based Graphcore Ltd…

17 hours ago

Samsung AI-Upgraded Bixby Voice Assistant Coming This Year

Samsung reportedly confirms it will launch the upgraded voice assistant Bixby this year, that will…

1 day ago

Next Neuralink Brain Implant Coming Soon, Says Musk

Despite an issue with first Neuralink implant in a patient, Elon Musk says second brain…

1 day ago

EU Accepts Apple’s Legal Commitments To Open NFC Access

Legal commitment over Apple's NFC-based mobile payments system, which is to be opened to rival…

2 days ago