Microsoft and Adobe both issued updates to fix critical vulnerabilities that concerns their software. An emergency update is issued to fix a dangerous flaw in its anti-malware which has been dubbed as the worst Windows bug to date. On the other hand Adobe at least seven bugs are patched with the new update.
Microsoft was made aware by Google security researchers Natalie Silvanovich and Tavis Ormandy of a flaw in its Malware Protection Engine. This covers Microsoft Forefront, Microsoft Security Essentials and Windows Defender. The flaw could run malicious code while the suspicious file is scanned.
“To exploit this vulnerability, a specially crafted file must be scanned by an affected version of the Microsoft Malware Protection Engine,” Microsoft warned. “If the affected anti-malware software has real-time protection turned on, the Microsoft Malware Protection Engine will scan files automatically, leading to exploitation of the vulnerability when the specially crafted file scanned.”
On May 8, Microsoft released an out-of-band fix for the problem, demonstrating unusual swiftness in addressing a serious issue with its software.
Google researcher Ormandy tweeted last Monday stating that he is blown away how quickly the Microsoft Security responded to protect users and highly praised their efforts.
Aside from the anti-malware product update, they have released fixes for other security flaws in a range of products beginning from IE, Edge, Microsoft Office, .NET and Adobe Flash Player.
The latest Flash Player, v. 188.8.131.52 for Windows, Mac, Linux and Chrome OS, is available. If you have adobe on your computer, it is advised that you update it immediately.
Due to the fact that Adobe Flash Player is a very powerful program but highly exploited by attackers, constant update and upkeep is necessary to prevent exposure to newly crafted exploits.
Every browser that uses adobe flash needs to be updated immediately.
It is a known fact that Google Chrome and IE auto-installs the latest flash player version during browser restarts. But as a rule of thumb, we should not be complacent about it. It would be better to double check manually.