Microsoft, Adobe Fix Flaws Exploited by Foreign Hackers

Microsoft's Patch Tuesday is usually a prophylactic measure that fixes serious, but theoretical, problems with its products. This past Tuesday, however, it addressed three vulnerabilities that Russian and Chinese malefactors have already exploited. Between Microsoft's extensive patching and a handful of updates from Adobe, today is a much more secure day to be online than yesterday was.

Microsoft provided some information about Patch Tuesday (or Update Tuesday, as it's now calling the monthly event) to clarify what each patch did. The details are generally only of interest to security enthusiasts, with two exceptions: MS14-060 and MS14-058.

MS14-060 addresses a security flaw that Microsoft rates "Important," meaning it could compromise a user's computer only with some kind of user action -- in this case, if the user opened a maliciously crafted document. Although Microsoft did not specifically address the issue, Russian hackers have already used the flaw, dubbed SandWorm, to spy on high-profile international agencies such as NATO.

MS14-058, however, is rated "Critical," which means attackers could remotely take control of a computer without the user's assistance or knowledge. It patches two flaws discovered by the security firms CrowdStrike and FireEye. CrowdStrike said one flaw was being used by a Chinese group dubbed "Hurricane Panda" to spy on technology companies, and FireEye said the other was being used by unidentified attackers to spy on "an international organization."

Internet Explorer was also something of a hot mess, as the MS14-056 patch fixed more than a dozen issues with the browser. Although there's no evidence of these flaws being exploited in the wild, Microsoft confirmed that the browser was highly vulnerable to remote code execution without any user prompts. This would allow a malefactor to spy on or hijack a computer with relatively little difficulty.

Oct. 14 was also a big day for Adobe, which released major patches for Flash Player and AIR (a related program that many media programs and games use to run). Adobe has not revealed exactly what the new patches address, but half of the issues merited a priority "1" level, which means that the patch addresses issues that exist in the wild.

In order to apply Microsoft's updates, simply run Windows Update. For the Adobe patches, users can visit the Flash Player and AIR websites, then follow the instructions. Now that malicious hackers know how to exploit yesterday's vulnerabilities, updating your software as soon as possible is the best way to protect your computer and its assets.

Marshall Honorof is a Staff Writer for Tom's Guide.