Microsoft & Adobe Warn of Critical Vulnerabilities, Urge Prompt Patching
Microsoft and Adobe have released critical security advisories, urging users to patch their systems promptly. Meanwhile, attackers are employing diverse tactics to lure targets to malicious websites.
Adobe issued APSB15-09 and APSB15-10 to tackle severe issues in Flash and Reader/Acrobat. Microsoft's Patch Tuesday in May brought 13 bulletins, including MS15-046 for remote code execution (RCE) file format vulnerabilities in Word and Excel, affecting about 10% of targets via email. MS15-044 addresses critical font bugs in the GDI+ library, impacting many Microsoft products. Another significant fix, MS15-043, patches 22 CVEs in Internet Explorer, 14 of which are critical and allow remote code execution.
Attackers are exploiting common blogging and forum software, online ads, and search engine poisoning to direct targets to malicious webpages. Half of newly discovered vulnerabilities are exploited within two weeks of their disclosure. In 2014, only 5% of RCE-type Microsoft vulnerabilities had working exploits. US-CERT recommends patching six vulnerabilities in Windows Journal, two of which are publicly known but unexploited.
With 53 advisories released so far this year, Microsoft urges users to apply the latest patches. Adobe's recent advisories also demand immediate attention. As attackers' tactics evolve, prompt patching and increased vigilance are crucial for maintaining system security.