Adobe, Microsoft Patch Critical Flaws

The second Tuesday of the month has come and gone, which means that Microsoft and Adobe have a whole new round of security patches for their most popular products. With critical fixes now having been pushed out by both companies, anyone who uses Windows or Flash Player should download the patches sooner rather than later.

Microsoft and Adobe detailed the new fixes they delivered yesterday, and even if you're not interested in the inner workings of their security mechanisms, you should still take some time today and grab them. Microsoft's vulnerabilities were all related to the Windows operating system (i.e., no applications this time), while Adobe's patches targeted its Flash player and AIR platform.

MORE: Free vs. Paid Antivirus: Avira vs. Bitdefender

For Microsoft's Patch Tuesday, it identified one Critical vulnerability and seven Important vulnerabilities in consumer versions of Windows. A flaw rated Important is the second-highest level of concern at Microsoft.

The only first-rate, Critical, flaw was found in the Telnet client for Windows, and could let a malefactor take control of a computer without warning. Telnet, a decades-old protocol by which users (and computers) communicate via plain text, is no longer installed by default on most Windows systems, but could still pose a threat to those who use Windows for enterprise applications.

Important flaws can hijack a user's system, but they first give a warning or prompt of some kind, letting savvy users avoid them entirely. The vulnerabilities in question for this month could have allowed remote code execution or privilege escalation, allowing distant hackers to seize control of computers and monitor — or change — the data therein.

In all cases, Windows users can download the patches by running Windows Update. Those who've set Windows Update to download and install patches automatically may be prompted to restart their PCs.

Likewise, Adobe's Flash vulnerabilities could have allowed remote code execution, although the company does not specify exactly how. Patching Flash Player and AIR is a little more complicated, depending on your use environment, operating system and browser, but there are detailed instructions on the Adobe website. Flash player updates often come as part of your Internet browser, and you can download most AIR updates directly from Adobe.

One interesting thing about this Patch Tuesday is that it marks the first time Microsoft has not told its customers, except those who paid for a subscription service, what it would be patching in advance. In the future, Microsoft will likely continue this practice, hoping that security researchers will trust whatever it puts out rather than having the resources to investigate flaws for themselves.

For everyday users, however, the process is the same as always: Keep up to date with patches, and hope against hope that no one ever finds a way to exploit one of the flaws in the wild.

Marshall Honorof is a Staff Writer for Tom's Guide. Contact him at mhonorof@tomsguide.com. Follow him @marshallhonorof. Follow us @tomsguide, on Facebook and on Google+.

TOPICS
Marshall Honorof

Marshall Honorof is a senior editor for Tom's Guide, overseeing the site's coverage of gaming hardware and software. He comes from a science writing background, having studied paleomammalogy, biological anthropology, and the history of science and technology. After hours, you can find him practicing taekwondo or doing deep dives on classic sci-fi. 

Latest in Online Security
23andME box
23andMe has declared bankruptcy — here's how to delete your data now
A magnifying glass on top of the Steam logo in a web browser
Valve just pulled a malicious game demo spreading info-stealing malware from Steam
A man filing his taxes electronically on a laptop
AI-powered tax scams are here - how to stay safe from deepfakes, phishing and more this tax season
MacBook Pro 2023
New Mac attack is tricking users into thinking their computer is locked — how to stay safe
Hacker using a stolen social security card
Your Social Security number is a literal gold mine for scammers and identity thieves — here’s how to keep it safe
An open lock depicting a data breach
Half a million teachers hit in major data breach with SSNs, financial data and more exposed — what to do now
Latest in News
Bill Gates in 2019
Bill Gates just predicted the death of every job thanks to AI — except for these three
NYTimes Connections
NYT Connections today hints and answers — Wednesday, March 26 (#654)
Gemini screenshot image
Google unveils Gemini 2.5 — claims AI breakthrough with enhanced reasoning and multimodal power
Samsung Galaxy Z Flip 6 review.
Samsung Galaxy Z Flip 7 design just teased in new cases leak — and the outer display is huge
Google Chrome
Chrome failed to install on Windows PCs, but Google has issued a fix — here's what happened
nyc spring day AI image
OpenAI just unveiled enhanced image generator within ChatGPT-4o — here's what you can do now