Microsoft, Adobe Urge Users to Act: Critical Security Updates Address Active Vulnerabilities
Microsoft and Adobe have released critical security updates to address active vulnerabilities in their products. The updates include patches for remote code execution flaws and critical vulnerabilities in popular software.
Microsoft's Edge browser update (MS16-052) addresses four critical vulnerabilities, none of which are currently under direct attack. Chrome and Internet Explorer 11/Edge users will receive automatic patches. Meanwhile, Microsoft 365's update (MS16-054) addresses two critical vulnerabilities in the RTF file format that can be triggered through the Outlook preview pane. No patch is available for the ImageMagick vulnerability, but a workaround exists in the policy.xml file.
ImageMagick is currently under active attack, with vulnerability CVE-2016-3714 allowing remote code execution through image uploads. Adobe has released an updated security patch addressing the active 0-day CVE-2016-4117 in APSB16-15, and expects to release a new version of Flash later in the week to address the same vulnerability.
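To verify that the policy.xml workaround for CVE-2016-3714 is in place on a host, the following added example (not part of the original article) parses a policy file and lists the coders that are still allowed. The coder list is an assumption taken from the public mitigation guidance for this CVE, not from this page, and the sample policy is constructed.

```python
import sys
import xml.etree.ElementTree as ET
from fnmatch import fnmatchcase

# Assumption: coders named in the public mitigation guidance for
# CVE-2016-3714; this page does not list them.
RISKY_CODERS = ("EPHEMERAL", "URL", "HTTPS", "MVG", "MSL")

# Constructed sample: a policy.xml that applies only part of the workaround.
SAMPLE_POLICY = """<policymap>
  <policy domain="resource" name="memory" value="256MiB"/>
  <policy domain="coder" rights="none" pattern="MVG"/>
  <policy domain="coder" rights="none" pattern="msl"/>
  <policy domain="coder" rights="read" pattern="URL"/>
</policymap>"""


def unblocked_coders(policy_xml, coders=RISKY_CODERS):
    """Return the coders in `coders` that policy_xml does not fully deny."""
    root = ET.fromstring(policy_xml)
    # Collect (pattern, rights) for every coder-domain rule.
    rules = [
        (p.get("pattern", "").upper(), p.get("rights", "").lower())
        for p in root.iter("policy")
        if p.get("domain", "").lower() == "coder"
    ]
    missing = []
    for coder in coders:
        # Simple globs (*, ?, [..]) are matched; brace patterns are not
        # expanded, so a coder covered only by one is reported as unblocked.
        rights = [r for pat, r in rules if fnmatchcase(coder, pat)]
        # Conservative: a coder counts as blocked only if at least one rule
        # matches it and every matching rule sets rights="none".
        if not rights or any(r != "none" for r in rights):
            missing.append(coder)
    return missing


if __name__ == "__main__":
    # Usage: python check_policy.py /path/to/policy.xml (sample if omitted)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_POLICY
    gaps = unblocked_coders(text)
    print("workaround complete" if not gaps else "still allowed: " + ", ".join(gaps))
    sys.exit(1 if gaps else 0)
```

The non-zero exit code on gaps lets the check run from configuration management or a CI job against each image-processing host.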
Microsoft's Internet Explorer update (MS16-051) addresses a critical remote code execution vulnerability (CVE-2016-0189) that is currently under attack. Adobe has also released a patch for the 0-day vulnerability CVE-2016-4117 in APSB16-15, which addresses another 24 vulnerabilities, mostly rated critical. Lastly, Microsoft's Windows graphical subsystem update (MS16-055) addresses a critical vulnerability with web- and document-based attack vectors.
Users are advised to install these updates promptly to protect against active threats. Microsoft and Adobe continue to monitor and address security issues to ensure the safety of their users.