Microsoft, Adobe, and Google all issued security updates to their products today. The Microsoft patches include six previously disclosed security flaws, and one that that is already being actively exploited. But this month’s Patch Tuesday is being overshadowed by the “Log4Shell” 0-day exploit in a popular Java library that web server administrators are now racing to find and patch amid widespread exploitation of the flaw.
Microsoft today pushed software updates to plug dozens of security holes in Windows and related products, including a vulnerability that is already being exploited in active attacks. Also, Apple has issued an emergency update to fix a flaw that’s reportedly been abused to install spyware on iOS products, and Google’s got a new version of Chrome that tackles two zero-day flaws. Finally, Adobe has released critical security updates for Acrobat, Reader and a slew of other software.
Fake, positive reviews have infiltrated nearly every corner of life online these days, confusing consumers while offering an unwelcome advantage to fraudsters and sub-par products everywhere. Happily, identifying and tracking these fake reviewer accounts is often the easiest way to spot scams. Here’s the story of how bogus reviews on a counterfeit Microsoft Authenticator browser extension exposed dozens of other extensions that siphoned personal and financial data.
Microsoft today issued its final batch of security updates for Windows PCs in 2020, ending the year with a relatively light patch load. Nine of the 58 security vulnerabilities addressed this month earned Microsoft’s most-dire “critical” label, meaning they can be abused by malware or miscreants to seize remote control over PCs without any help from users.
Microsoft today released updates to plug security holes in its software, including patches to fix at least 74 weaknesses in various flavors of Windows and in software that runs on top of it. The November updates include patches for a zero-day flaw in Internet Explorer that is currently being exploited in the wild, as well as a sneaky bug in certain versions of Office for Mac that bypasses security protections and was detailed publicly prior to today’s patches.
Adobe and Microsoft today each released patches to fix serious security holes in their software. Adobe pushed out a new version of its beleaguered Flash Player browser plugin. Redmond issued updates to address at least 61 distinct vulnerabilities in Microsoft Windows and related programs, including several flaws that were publicly detailed prior to today and one “zero-day” bug in Windows that is already being actively exploited by attackers.
Microsoft today released a bundle of security updates to fix at least 67 holes in its various Windows operating systems and related software, including one dangerous flaw that Microsoft warns is actively being exploited. Meanwhile, as it usually does on Microsoft’s Patch Tuesday — the second Tuesday of each month — Adobe has a new Flash Player update that addresses a single but critical security weakness.
First, the Flash Tuesday update, which brings Flash Player to v. 220.127.116.11. Some (present company included) would argue that Flash Player is in itself “a single but critical security weakness.” Nevertheless, Google Chrome and Internet Explorer/Edge ship with their own versions of Flash, which get updated automatically when new versions of these browsers are made available.
It’s Nov. 14 — the second Tuesday of the month (a.k.a. “Patch Tuesday) — and Adobe and Microsoft have issued gobs of security updates for their software. Microsoft’s 11 patch bundles fix more than four-dozen security holes in various Windows versions and Office products — including at least four serious flaws that were publicly disclosed prior to today. Meanwhile, Adobe’s got security updates available for a slew of titles, including Flash Player, Photoshop, Reader and Shockwave.
Microsoft on Tuesday released software updates to fix at least 62 security vulnerabilities in Windows, Office and other software. Two of those flaws were detailed publicly before yesterday’s patches were released, and one of them is already being exploited in active attacks, so attackers already have a head start.