Adobe and Microsoft each published updates today to cope with critical vulnerabilities in their software. Microsoft's patch package in December is relatively easy and addresses more than three dozen vulnerabilities in Windows and related applications. Adobe has issued security patches for the products Acrobat and PDF Reader and has an update for yet another zero-day error in Flash Player already used at least.
At least nine of the errors in the Microsoft patches address errors. The company considers "critical", which means they can be exploited by malicious software or non-wells to install malicious software with little or no help from users, save for browsing to a hacked or booby-caught website.
Microsoft patched a zero-day error already exploited (CVE-201
According to the security company Rapid7 Other notable vulnerabilities this month are in Internet Explore r (CVE-2018-8631) and Edge (CVE-2018-8624) , which both consider most likely to be exploited. Similarly, CVE-2018-8628 errors in all supported versions of PowerPoint that will also be used by attackers.
It's usually not possible for Windows users to wait a day or two after Microsoft has released monthly security updates before installing the fixes. Sometimes buggy patches can cause severe headaches for users who install them before all kinks are prepared. It's also a good idea to get used to backing up your data before installing Windows updates.
Windows 10 likes to install updates at once and restart your computer on your own. Microsoft does not make it easy for Windows 10 users to change this setting, but it is possible. For all other Windows OS users, if you want to be warned about new updates when they are available so that you can choose when to install them, there is a setting for it in Windows Update .
Adobe has received new versions of Adobe Reader and Adobe Acrobat that plug dozens of security holes into the applications. Also last week, Adobe released an emergency slot to fix a null day in Flash Player that the bad guys now use in active attacks.
Fortunately, the most popular browser with a long shot – Google Chrome – Auto Updates Flash, but also now allows users to enable Flash every time they want to use it (Microsoft also packs Flash with IE / Edge and updates it when Windows systems install monthly updates). By summer 2019, Google will let Chrome users go into their settings to enable it every time they want to run.
Firefox also forces users with the Flash add-in installed to click to play Flash content. Instructions to disable or remove Flash from Firefox are here. Adobe will stop supporting Flash by the end of 2020.
As always, if you're having trouble installing any of these patches this month, please leave a comment about it below; There is a good chance that other readers have experienced the same and can even chime in here with some helpful tips.
Ask Woody's summary.
Ghacks writeup on December 2018 Patch Tuesday.
Ivanti Patch Tuesday Webinar, 11.00 ET, December 12th.
Tags: Ask Woody, CVE-2018-8611, CVE-2018-8624, CVE-2018-8628, CVE-2018-8631, Ghacks, Ivanti, Patch Tuesday, December 2018, Qualys
You can jump to the end and leave a comment. Pinging is currently not allowed.