Adobe and Microsoft Patches
It’s been kind of a big couple of days for security updates with both Microsoft and Adobe putting out security patches you’re probably going to want to get. Adobe is looking to fix weaknesses in Cold Fusion and its PDF Reader with hints of a Flash update coming out later this week. Meanwhile. Microsoft is hoping to patch dozens of security flaws with 16 update bundles for Windows, Internet Explorer, and others.
The patches released by Microsoft include things like bug fixes to Internet Explorer and the Microsoft .NET Framework, but some are designed to deal with “zero-day” attacks, meaning vulnerabilities hackers find before Microsoft does. Half of these updates are listed as “critical” since the security flaws they patch are able to be exploited remotely without the user doing anything more than clicking on a link or opening an attachment in a malicious phishing email.
Adobe’s updates deal with their Cold Fusion and PDF Reader. Cold Fusion is a popular point of entry for hackers looking to steal from online marketplaces, so if you run a website that uses it, you should update as soon as possible. As far as the PDF Reader goes, the general consensus is it might be better just to go ahead and use a different program altogether like Sumatra PDF that is less is susceptible to attack.
Probably the bigger news from Adobe is the update that will be released on May 12. Not only does it patch a known zero-day exploit that is being used by hackers, it comes with 23 fixes for other common vulnerabilities and exposures (CVEs) in Adobe Flash Player 22.214.171.124 and earlier. A new version of Flash will also be released on the same day that will already have these issues patched. Regardless, all of this updates are ones you’re going to want to get.