Patch Tuesday: Microsoft Tackles 48 Flaws, But Adobe Acrobat Dominates

Microsoft has issued fixes for 48 vulnerabilities spread across six products in its August ‘Patch Tuesday’ security update.

But instead of Microsoft flaws dominating, attention should rather be focused on Adobe, which has patched 67 flaws, 43 of which are ‘critical’.

And for once Adobe Flash is not the main culprit, but rather Acrobat and Acrobat Reader.

On the Microsoft side, the company patched 48 flaws, 15 of which affect Windows. Although Microsoft says that 25 of these vulnerabilities are ‘Critical’ and 27 can result in Remote Code Execution, the good news is that none of them are currently being exploited in the wild.

“Top priority for patching should go to CVE-2017-8620, which is a vulnerability in the Windows Search service,” said Qualys’ Jimmy Graham. “This is the third Patch Tuesday to feature a vulnerability in this service.”

“Many of the vulnerabilities in this month’s release involve the Scripting Engine, which can impact both browsers and Microsoft Office, and should be considered for prioritizing for workstation-type systems that use email and access the internet via a browser.”

“It was a busy month, with a total of 48 security issues fixed,” added Bobby McKeown, senior manager of engineering at Rapid7. “All of these have a severity of ‘critical’ or ‘important’, with Remote Code Execution vulnerabilities again figuring highly, particularly with Microsoft Edge.”


Adobe Flaws

But it could be argued that in August Adobe flaws have overshadowed the Microsoft Patch Tuesday update.

One in particular affects Adobe Acrobat Reader DC: an arbitrary code execution vulnerability, discovered by Cisco’s Talos cybersecurity division, that could potentially be triggered through a social engineering attack.

“For non-Microsoft updates, we have 4 overall from Adobe,” said Ivanti’s Chris Goettl. “The Flash Player update is rated as Priority 1, the other three are rated as Priority 2. The Acrobat\Reader update is a bit odd this month. 69 total CVEs resolved, 43 of which are rated as Critical CVEs yet it is still rated as a Priority 2.”

“Compare this to the Flash update with 2 CVEs, 1 of which was Critical and the math just does not add up…,” he added. “Open question to Adobe on that one, but probably safer to put the Acrobat\Reader update into your Priority 1 bucket this month to be on the safe side.”

Elsewhere, Mozilla has released Firefox 55 and ESR 52, which fix 29 CVEs, including 5 that are critical.


Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
