Microsoft and Adobe patch multiple critical security vulnerabilities

Microsoft issued six security bulletins that addressed no less than 12 vulnerabilities, seven of which the software giant had rated as critical.

All five critical security updates were for issues affecting Internet Explorer - including ones for Internet Explorer 8 and a recently made public vulnerability in versions 6 and 7 - and fixed issues that could be used in drive-by download attacks.

According to Ben Greenbaum, senior research manager with Symantec Security Response, proof-of-concept exploit code was released for the object memory corruption vulnerability late last month, but it was found not to be reliable.

"It's been a race since between Microsoft and attackers to either get a patch out or improve the exploit's reliability", he said.

"As it turns out, Symantec has yet to see neither the exploit's consistency increased significantly nor any successful attacks using it in the wild", he added.

Over at Adobe, meanwhile, the company has just released a batch of critical security updates affecting Flash Player and AIR, the Adobe Integrated Runtime multi-operating system runtime environment.

This comes hard on the heels of a zero-day security vulnerability affecting Adobe Illustrator CS3 and CS4 coming to light late last week.

According to Greenbaum, although both of Adobe's security updates are critical, the Flash Player update should be applied immediately by all users.

"Flash is used so commonly that it should definitely be a high priority", he said.

What’s Hot on Infosecurity Magazine?