Jump to content

Microsoft To Patch IE Again Next Week; Adobe To Clean Up Reader, Acrobat


Reefa

Recommended Posts

ie_patch-680x400.jpg

One week after releasing an out-of-band patch for an Internet Explorer zero day, Microsoft has provided a head’s up that next week’s Patch Tuesday security updateswill include another critical patch for the browser.

The IE roll-up is one of two critical bulletins expected next week; interestingly enough it rolls back to Windows Server 2003 Service Pack 2 and IE 6, which also ran on Windows XP. Last week’s out-of-band patch, MS14-021, was also made available for XP systems despite Microsoft ending support for the OS on April 8. Microsoft said next week’s patch will not be for XP machines.

“Our existing policy remains in place, and as such, Microsoft no longer supports Windows XP. We continue to encourage customers to migrate to a modern operating system, such as Windows 7 or 8.1,” a Microsoft spokesman said.

Qualys CTO Wolfgang Kandek said the IE fix should also patch vulnerabilities disclosed during the year’s Pwn2Own competition at CanSecWest. ”This update should be high on your list,” he said.

Pwn2Own, held in March, produced three new IE vulnerabilities, two of them sandbox bypasses developed by vulnerability vendor VUPEN of France. Researchers Sebastian Apelt and Andreas Schmidt, meanwhile, chained two use-after-free vulnerabilities in the browser and a kernel bug to hack the underlying system.

Last week’s XP patch was a surprise, but was likely prompted by an uptick in attacks specifically targeting XP users. The zero day exploit targeted IE 9 through IE 11 users initially and was used alongside an Adobe Flash exploit to compromise computers. Researchers at FireEye then reported additional attacks against IE 8 running on XP systems.

Kaspersky Lab principal researcher Kurt Baumgartner said the exploits in the wild were dropping versions of the Pirpi remote access Trojan in order to steal data from hacked computers.

The second critical bulletin affects SharePoint Server 2007 SP 3, SharePoint Server 2010 and 2013 as well as Office Web Apps 2010 and 2013.

The remaining six bulletins are rated Important by Microsoft and affect a number of products from Office, to Windows, to .NET.

The most serious could be a remote code execution bug in Office 2007, 2010 and 2013. Microsoft is also patching a security feature bypass in Office.

“It is rated important and provides RCE to the attacker, indicating that the attacker vector is a malicious document that the target has to open in order to trigger the attack,” Kandek said. “Attackers would use a document like that in a social engineering attack, which aims at convincing the user to open the document, for example by making it appear as coming from the user’s HR department or promising information about a subject of interest to the user.”

The four bulletins addressing Windows and .NET patch elevation of privilege and denial of service vulnerabilities all the way back to Windows Server 2003.

Adobe to Patch Reader and Acrobat

Adobe, meanwhile, also plans to release a patch for a vulnerability in the Windows and Mac OS X versions of Adobe Reader and Acrobat. Adobe said it is not aware of active exploits against the vulnerability, which is in versions 10.1.9 and 11.0.06 and earlier of both products.

Adobe has given the vulnerability its highest criticality rating, indicating the bugs are remotely exploitable.

Source

Link to comment
Share on other sites


  • Replies 8
  • Views 2.1k
  • Created
  • Last Reply

Top Posters In This Topic

  • dcs18

    2

  • iih1

    2

  • Rok

    1

  • 212eta

    1

Top Posters In This Topic

Microsoft no longer supports Windows XP.

You told us that before, yet you release update anyway. Stop it. Go away.

Link to comment
Share on other sites


Stopped using Adobe reader :shit: long ago.

Switched to Sumatra pdf and am loving it.Its small in size and works perfectly.

Link to comment
Share on other sites


Stopped using Adobe reader :shit: long ago.

Yeah, same here - stopped using Windows XP :shit: long ago.

Link to comment
Share on other sites


Microsoft no longer supports Windows XP.

You told us that before, yet you release update anyway. Stop it. Go away.

:rofl: :lmao:

OMG - how could I have overlooked this gem of a post. :lol:

Link to comment
Share on other sites


Stopped using Adobe reader :shit: long ago.

Switched to Sumatra pdf and am loving it.

Its small in size and works perfectly.

+1!

Link to comment
Share on other sites


Last week’s out-of-band patch, MS14-021, was also made available for XP systems despite Microsoft ending support for the OS on April 8. Microsoft said next week’s patch will not be for XP machines.

Adobe to Patch Reader and Acrobat

Stopped using Windows XP almost 5-years back. Since, then every now and than it's continued to be in news. Come on M$ decide it for once and all, either you are supporting it, or you don't support it at all. Why make announcements every fortnight of ending support to it.

Who cares for Adbobe Reader /Acrobat. Have been using Nitro PDF.

Link to comment
Share on other sites


honestly, here no adobe reader... :D

Link to comment
Share on other sites


nitro also a good one PDF.. i prefer Foxit...

Link to comment
Share on other sites


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...