Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Microsoft Releases KB4074595 to Fix Zero-Day Flash Player Flaw
#1
http://news.softpedia.com/news/microsoft...9738.shtml       Microsoft Releases KB4074595 to Fix Zero-Day Flash Player Flaw

All but one supported Windows versions getting it
Feb 9, 2018 12:29 GMT  ·  By Bogdan Popa ·  Share:      
Microsoft has released Windows update KB4074595 to fix a zero-day flaw in Adobe Flash Player that could allow an attacker to compromise an unpatched host and deploy additional payloads or take control of the system.

The new patch is available for all supported versions of Windows, except for Windows 7, and Microsoft recommends users to install it as soon as possible.

The vulnerability exists in versions of Adobe Flash Player older than 28.0.0.161, and it can allow arbitrary code execution. It can be exploited with Office documents that include Flash content and spreading either via compromised websites or through emails.

According to the South Korean Computer Emergency Response Team, the security flaw has already been used by North Korea in attacks aimed at researchers in South Korea. Korean security expert Simon Choi said in a tweet that this vulnerability had been used since at least mid-November 2017, and the preferred targets were South Korean researchers working on projects related to North Korea.

Adobe aware of attacks
Adobe confirmed in an advisory that it was aware of exploits aimed at this vulnerability and recommended customers to update to the latest version of Flash Player as soon as possible.

“Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users. These attacks leverage Office documents with embedded malicious Flash content distributed via email,” Adobe said.

Since Flash Player is directly integrated into the latest versions of Internet Explorer and Microsoft Edge, the Redmond-based software giant has to manually release patches provided by Adobe to its users. These are published on Windows Update and pushed to Windows computers automatically.

Users are obviously recommended to patch systems as soon as possible, especially because attacks have already been spotted out in the wild. Additionally, the patch can be manually downloaded from Microsoft’s Update Catalog for each version of Windows.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  German cybersecurity agency identifies critical flaw in VLC Media Player ! ahmed 0 1,686 07-22-2019 , 11:39 AM
Last Post: ahmed
  Microsoft warns of major WannaCry-like Windows security exploit, releases XP patches tarekma7 0 1,675 05-14-2019 , 10:35 PM
Last Post: tarekma7
  Google Engineer Finds Zero-Day Flaw in Microsoft Browser mrtrout 0 1,210 12-21-2018 , 02:44 AM
Last Post: mrtrout
  New 0-day exploit (Flash Player) Mohammad.Poorya 0 1,105 12-06-2018 , 02:05 PM
Last Post: Mohammad.Poorya
  Adobe Flash Player Update Released for Remote Code Execution Vulnerability tarekma7 0 1,446 11-22-2018 , 12:11 PM
Last Post: tarekma7

Forum Jump:


Users browsing this thread: 1 Guest(s)