Microsoft pushes out patches for critical Flash Player vulnerabilities
Microsoft has skipped its February 2017 Patch Tuesday and postponed the release of those patches for March, but there are apparently security vulnerabilities that must be fixed now.
On Tuesday, the Redmond giant has pushed out critical security updates for Adobe Flash Player in Internet Explorer 10, 11 and Microsoft Edge, for Windows 8.1, RT 8.1, 10, and Windows Server 2012, 2012 R2, and 2016.
The holes the updates plug are thirteen, and can all lead to remote code execution. Adobe issued patches for them earlier this month.
More information about the issues, as well as possible mitigations, workarounds, and security update deployment information, can be found in this MS security bulletin, and this summary.
There is still no exact information about why Microsoft delayed the scheduled February patches, or whether it will plug in March the two zero-day vulnerabilities for which exploit code has already been published.
The company is advising users to implement the security updates immediately, and encouraging customers to turn on automatic updates.
As a side-note, Apple has also released a new version of Logic Pro X, its software for audio professionals, and it contains a fix for a memory corruption issue originally fixed earlier this month in GarageBand.
“Opening a maliciously crafted GarageBand project file may lead to arbitrary code execution,” Apple simply noted.