{"id":10487,"date":"2017-11-14T16:17:01","date_gmt":"2017-11-15T00:17:01","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/11\/14\/news-4259\/"},"modified":"2017-11-14T16:17:01","modified_gmt":"2017-11-15T00:17:01","slug":"news-4259","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/11\/14\/news-4259\/","title":{"rendered":"Adobe, Microsoft Patch Critical Cracks"},"content":{"rendered":"

Credit to Author: BrianKrebs| Date: Tue, 14 Nov 2017 23:12:32 +0000<\/strong><\/p>\n

It’s Nov. 14 — the second Tuesday of the month (a.k.a. “Patch Tuesday) — and\u00a0Adobe<\/strong> and Microsoft<\/strong> have issued gobs of security updates for their software. Microsoft’s 11 patch bundles fix more than four-dozen security holes in various Windows<\/strong> versions and Office<\/strong> products — including at least four serious flaws that were publicly disclosed prior to today. Meanwhile, Adobe’s got security updates available for a slew of titles, including Flash Player<\/strong>, Photoshop<\/strong>, Reader<\/strong> and Shockwave<\/strong>.<\/p>\n

\"\"Four<\/a> of<\/a> the<\/a> vulnerabilities<\/a> Microsoft fixed today have public exploits, but they do not appear to be used in any active malware campaigns, according to Gill Langston<\/strong> at security vendor Qualys<\/strong>. Perhaps the two most serious flaws likely to impact Windows end users involve vulnerabilities in Microsoft browsers Internet Explorer<\/a> and Edge<\/a>.<\/p>\n

Qualys’ Langston reminds us that on\u00a0last Patch Tuesday<\/a>, Microsoft quietly released the fix for\u00a0CVE-2017-13080<\/a>, widely known as the KRACK vulnerability in WPA2 wireless protocol,<\/a> but did not make it known until a week later, when the vulnerability was publicly disclosed. Check out the Qualys blog<\/a> and this post<\/a> from Ivanti<\/strong> for more on this month’s patches from Redmond. Otherwise, visit Windows Update<\/strong> sometime soon (click the\u00a0Start\/Windows<\/b>\u00a0button, then type\u00a0Windows Update<\/b>).<\/span><\/p>\n

Adobe issued patches to fix at least 62 security vulnerabilities in its products<\/a>, including several critical bugs in Adobe Flash Player and Reader\/Acrobat.\u00a0 The Flash Player update<\/a> brings the browser plugin to v. 27.0.0.187<\/em> on Windows, Mac, Linux and Chrome OS.<\/p>\n

Windows users who browse the Web with anything other than Internet Explorer may need to apply the Flash patch twice, once with IE and again using the alternative browser (Firefox, Opera, e.g.).<\/p>\n

\"\"Chrome and IE should auto-install the latest Flash version on browser restart (users may need to manually check for updates and\/or restart the browser to get the latest Flash version). Chrome users may need to restart the browser to install or automatically download the latest version.<\/p>\n

When in doubt, click the vertical three dot icon to the right of the URL bar, select \u201cHelp,\u201d then \u201cAbout Chrome\u201d: If there is an update available, Chrome should install it then. Chrome will replace that three dot icon with an up-arrow inside of a circle when updates are waiting to be installed.<\/p>\n

Standard disclaimer: Because Flash remains such a security risk, I continue to\u00a0encourage readers to remove or hobble Flash Player unless and until it is needed for a specific site or purpose. More on that approach (as well as slightly less radical\u00a0solutions ) can be found in\u00a0A Month Without Adobe Flash Player<\/a>. The short\u00a0version is that you\u00a0can probably get by without Flash installed and not miss it at all.<\/p>\n

For readers still unwilling to cut the cord, there are half-measures that work almost as well. Fortunately,\u00a0disabling Flash in Chrome<\/a>\u00a0is simple enough. Paste \u201cchrome:\/\/settings\/content<\/a>\u201d into a Chrome browser bar and then select \u201cFlash\u201d from the list of items. By default it should be set to \u201cAsk first\u201d before running Flash, although users also can disable Flash entirely here or whitelist and blacklist specific sites.<\/p>\n

Another, perhaps less elegant, solution is to keep Flash installed in a browser that you don\u2019t normally use, and then to only use that browser on sites that require it.<\/p>\n

https:\/\/krebsonsecurity.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

<\/p>\n

Credit to Author: BrianKrebs| Date: Tue, 14 Nov 2017 23:12:32 +0000<\/strong><\/p>\n

It’s Nov. 14 — the second Tuesday of the month (a.k.a. “Patch Tuesday) — and\u00a0Adobe and Microsoft have issued gobs of security updates for their software. Microsoft’s 11 patch bundles fix more than four-dozen security holes in various Windows versions and Office products — including at least four serious flaws that were publicly disclosed prior to today. Meanwhile, Adobe’s got security updates available for a slew of titles, including Flash Player, Photoshop, Reader and Shockwave.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10643,10642],"tags":[11414,10699,16642,12616,11415,16643,10829,14947,15793,10516,16644,10644,13457,10525],"class_list":["post-10487","post","type-post","status-publish","format-standard","hentry","category-independent","category-krebs","tag-adobe","tag-chrome","tag-cve-2017-13080","tag-edge","tag-flash-player","tag-gill-langston","tag-internet-explorer","tag-ivanti","tag-krack","tag-microsoft","tag-microsoft-patch-tuesday-november-2017","tag-other","tag-qualys","tag-windows"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/10487","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=10487"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/10487\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=10487"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=10487"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=10487"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}