Secplicity - Security Simplified

Powered by WatchGuard Technologies

MS Patch Day Fixes 0day and Warning for Adobe Users

October 3, 2013 By Corey Nachreiner

Download, test, patch, and repeat. That should be the mantra for Microsoft administrators every month.

By now, you’re likely quite used to Microsoft’s regular monthly patch cycle, so you’re already expecting next week’s updates. However, this month’s updates are especially important, since one fixes a fairly prevalent zero day flaw that attackers are exploiting in the wild. According to their advance notification, Microsoft plans on releasing eight security bulletins next Tuesday to fix vulnerabilities in Windows, Internet Explorer (IE), Office, and the .NET and Silverlight frameworks. They rate half the bulletins as Critical, and the other half as Important.

This would all sound like business as usual for Microsoft Patch Day, except that one of the Critical updates fixes the very serious zero day IE flaw, which I warned you about a few weeks ago. Since that initial warning, more and more attackers have started exploiting this vulnerability. Worse yet, researchers have released a Metasploit exploit for the flaw, which means anyone can try it out. I expect every smart network attacker to start incorporating this flaw into their exploit kits, if they haven’t already. You should get this IE update as soon as it’s available next week.

Also, don’t forget that Adobe now shares Microsoft’s Patch Tuesday, and they too will release updates next week. According to a pre-notification post, they plan on releasing an Adobe Reader and Acrobat update on the 8th.

While I’m talking about Adobe, if you’re an Adobe customer, it’s time to change your user credentials on their site. Today, Adobe released an important announcement informing their customers that their network has been breached. Attackers made off with 2.9 million customer records, including email addresses and encrypted credit card numbers. They plan on emailing affected customers, so be sure to change your password if you get this email. As an aside, the attackers also seem to have acquired some Adobe source code. For more information on this attack, I recommend you read Brian Krebs’ blog post.

So to summarize:

  • Microsoft administrators should get ready for next Tuesday’s important Patch Day. Install the IE update first.
  • If you use Adobe products, get ready for the Reader updates too.
  • And if you have credentials on Adobe’s site, change them immediately.

I’ll share more details about all these updates next Tuesday. So stay tuned. — Corey Nachreiner, CISSP (@SecAdept)

Filed Under: Security Bytes Tagged With: Developer tools, Microsoft, silverlight, Updates and patches
