Wednesday, February 22, 2017

Microsoft releases update for Flash Player, but leaves two disclosed Flaws Unpatched


Microsoft on Tuesday released a security update (KB 4010250) to patch flaws in Adobe Flash Player for its customers using Internet Explorer on Windows 8.1 and later, as well as Edge for Windows 10, but two already disclosed flaws remain unpatched.

Just last week, Microsoft announced that its February patches would be delayed until March due to a last-minute issue, a move that led to Google publishing details of an unpatched Windows bug.

However, the software giant emailed a handful of big businesses on Monday to alert them to the incoming patches, advising them to update their systems as soon as possible.

The security patches are now available to all Windows customers over Windows Update, and "No other security updates are scheduled for release until the next scheduled monthly update release on March 14, 2017," Microsoft says.

Bulletin MS17-005 for Adobe Flash Player addresses remote code execution (RCE) vulnerabilities for some currently supported Windows systems.

The flaws are rated "Critical" for Windows client operating systems to Windows 8.1 and Windows Server 2016, but "Moderate" for Windows Server 2012.

But Microsoft Won't Patch Two Disclosed Flaws Until 14th March

However, two security vulnerabilities, which have already been publicly disclosed with working exploit code, remain unpatched, giving attackers enough time to target Windows users.

The first is a Windows SMB vulnerability that affects Windows 8, Windows 10 and Windows Server. The proof-of-concept exploit code for this flaw was released just over a week ago.

The other one is the flaw disclosed by Google earlier this week that affects Microsoft's Windows operating systems ranging from Windows Vista Service Pack 2 to the latest Windows 10 that had yet to be patched.

Google disclosed the vulnerability, which resides in Windows' Graphics Device Interface (GDI) library, with a PoC exploit, meaning attackers can exploit the vulnerability before Microsoft issues a patch.

The latest security patches come a week after Microsoft's usual Patch Tuesday.

Since details of the security updates released by Microsoft on Tuesday remain sketchy, what these patches resolve is not currently known.

So if you check for updates on your Windows PC and find one waiting for you, don't be surprised and patch your software immediately to make sure your Flash Player software is secure, though you’ll still be waiting until March 14 for the complete Patch Tuesday fix.



from The Hacker News http://ift.tt/2lKBtSs
