Patch Tuesday: Microsoft Tackles 48 Flaws, But Adobe Acrobat Dominates

Microsoft has issued fixes for 48 vulnerabilities spread across six products in its August ‘Patch Tuesday’ security update.

But instead of Microsoft flaws dominating, attention should rather be focused on Adobe, which has patched 67 flaws, 43 of which are ‘critical’.

And for once Adobe Flash is not the main culprit, but rather Acrobat and Acrobat Reader.

On the Microsoft side, it patched 48 flaws, 15 of which affect Windows. Although Microsoft says that 25 of these vulnerabilities are ‘Critical’ and 27 can result in Remote Code Execution, the good news is that none of these vulnerabilities are currently being exploited in the wild.

“Top priority for patching should go to CVE-2017-8620, which is a vulnerability in the Windows Search service,” said Qualys’ Jimmy Graham. “This is the third Patch Tuesday to feature a vulnerability in this service.”

“Many of the vulnerabilities in this month’s release involve the Scripting Engine, which can impact both browsers and Microsoft Office, and should be considered for prioritizing for workstation-type systems that use email and access the internet via a browser.”

“It was a busy month, with a total of 48 security issues fixed,” added Bobby McKeown, senior manager of engineering at Rapid7. “All of these have a severity of ‘critical’ or ‘important’, with Remote Code Execution vulnerabilities again figuring highly, particularly with Microsoft Edge.”


Adobe Flaws

But it could be argued that in August Adobe flaws have overshadowed the Microsoft Patch Tuesday update.

One in particular affects Adobe Acrobat Reader DC: an arbitrary code execution vulnerability, discovered by Cisco’s Talos cybersecurity division, that could potentially be exploited using a social engineering attack.

“For non-Microsoft updates, we have 4 overall from Adobe,” said Ivanti’s Chris Goettl. “The Flash Player update is rated as Priority 1, the other three are rated as Priority 2. The Acrobat\Reader update is a bit odd this month. 69 total CVEs resolved, 43 of which are rated as Critical CVEs yet it is still rated as a Priority 2.”

“Compare this to the Flash update with 2 CVEs, 1 of which was Critical and the math just does not add up…,” he added. “Open question to Adobe on that one, but probably safer to put the Acrobat\Reader update into your Priority 1 bucket this month to be on the safe side.”

Elsewhere, Mozilla has released Firefox 55 and ESR 52, which fix 29 CVEs, including 5 that are critical.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
