{"id":6792,"date":"2017-02-27T08:31:39","date_gmt":"2017-02-27T16:31:39","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/02\/27\/news-583\/"},"modified":"2017-02-27T08:31:39","modified_gmt":"2017-02-27T16:31:39","slug":"news-583","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/02\/27\/news-583\/","title":{"rendered":"IDG Contributor Network: February Patch Tuesday updated"},"content":{"rendered":"<p><img decoding=\"async\" src=\"http:\/\/zapt1.staticworld.net\/images\/article\/2016\/05\/mit-probablistic-patches-press-100642864-orig-100660887-primary.idge.jpg\"\/><\/p>\n<p><strong>Credit to Author: Greg Lambert| Date: Mon, 27 Feb 2017 07:45:00 -0800<\/strong><\/p>\n<p>Microsoft released a single update last week with this February Patch Tuesday, after a week&#8217;s<a href=\"http:\/\/computerworld.com\/article\/3170886\/security\/why-februarys-patch-tuesday-is-delayed.htmlhttp:\/computerworld.com\/article\/3170886\/security\/why-februarys-patch-tuesday-is-delayed.html\">\u00a0<\/a><a href=\"http:\/\/computerworld.com\/article\/3170886\/security\/why-februarys-patch-tuesday-is-delayed.html\">delay<\/a>. Or, perhaps <a href=\"https:\/\/technet.microsoft.com\/library\/security\/ms17-005\">MS17-005<\/a>\u00a0is considered an <a href=\"https:\/\/technet.microsoft.com\/en-ca\/library\/cc161963.aspx\">out-of-band<\/a> update from Microsoft?<\/p>\n<p>I am not sure, as it does not look like we will see the usual accompanying updates to Microsoft, .NET and the Windows (desktop and server) platforms. This sole update to Adobe Flash Player is worth deploying immediately. Evergreen browsers such as Microsoft <a href=\"https:\/\/www.microsoft.com\/en-ca\/windows\/microsoft-edge\">Edge<\/a>\u00a0and Google Chrome will automatically update (using the default settings) and so will patch this serious memory-related\u00a0vulnerability\u00a0in Flash Player.\u00a0<\/p>\n<p>The sole update released from Microsoft for this February Patch Tuesday is a Windows platform update for Adobe Flash player. This patch addresses 13\u00a0vulnerabilities relating to type confusion and a special kind of memory handling error commonly referred to as &#8220;<a href=\"https:\/\/cwe.mitre.org\/data\/definitions\/416.html\">use-after-free<\/a>,&#8221; where Adobe Flash Player could allow an attacker to execute code in memory areas that should have been &#8220;cleaned up&#8221; and de-allocated after use. This update is rated <a href=\"https:\/\/helpx.adobe.com\/security\/severity-ratings.html\">critical<\/a> by Microsoft and by Adobe and should be considered a &#8220;Patch Now&#8221; update from Microsoft.<\/p>\n<p>Microsoft has recommended a number of mitigations for this type of Adobe Flash Player\u00a0vulnerability, including\u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/Whitelist\">whitelisting<\/a>\u00a0sites in the Microsoft <a href=\"https:\/\/msdn.microsoft.com\/en-us\/library\/gg622935(v=vs.85).aspx\">Compatibility\u00a0View List<\/a>\u00a0and of course disabling ActiveX controls. I recommend disabling and removing Adobe Flash Player at your earliest convenience (again).<\/p>\n<p><strong>This article is published as part of the IDG Contributor Network. <a href=\"\/contributor-network\/signup.html\">Want to Join?<\/a><\/strong><\/p>\n<p><a href=\"http:\/\/www.computerworld.com\/article\/3173316\/security\/february-patch-tuesday-updated.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"http:\/\/zapt1.staticworld.net\/images\/article\/2016\/05\/mit-probablistic-patches-press-100642864-orig-100660887-primary.idge.jpg\"\/><\/p>\n<p><strong>Credit to Author: Greg Lambert| Date: Mon, 27 Feb 2017 07:45:00 -0800<\/strong><\/p>\n<article>\n<section class=\"page\">\n<p>Microsoft released a single update last week with this February Patch Tuesday, after a week&#8217;s<a href=\"http:\/\/computerworld.com\/article\/3170886\/security\/why-februarys-patch-tuesday-is-delayed.htmlhttp:\/computerworld.com\/article\/3170886\/security\/why-februarys-patch-tuesday-is-delayed.html\">\u00a0<\/a><a href=\"http:\/\/computerworld.com\/article\/3170886\/security\/why-februarys-patch-tuesday-is-delayed.html\">delay<\/a>. Or, perhaps <a href=\"https:\/\/technet.microsoft.com\/library\/security\/ms17-005\">MS17-005<\/a>\u00a0is considered an <a href=\"https:\/\/technet.microsoft.com\/en-ca\/library\/cc161963.aspx\">out-of-band<\/a> update from Microsoft?<\/p>\n<p>I am not sure, as it does not look like we will see the usual accompanying updates to Microsoft, .NET and the Windows (desktop and server) platforms. This sole update to Adobe Flash Player is worth deploying immediately. Evergreen browsers such as Microsoft <a href=\"https:\/\/www.microsoft.com\/en-ca\/windows\/microsoft-edge\">Edge<\/a>\u00a0and Google Chrome will automatically update (using the default settings) and so will patch this serious memory-related\u00a0vulnerability\u00a0in Flash Player.\u00a0<\/p>\n<p class=\"jumpTag\"><a href=\"\/article\/3173316\/security\/february-patch-tuesday-updated.html#jump\">To read this article in full or to leave a comment, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[714,10761],"class_list":["post-6792","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-security","tag-windows-10"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/6792","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=6792"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/6792\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=6792"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=6792"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=6792"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}