IDG Contributor Network: February Patch Tuesday updated

Credit to Author: Greg Lambert | Date: Mon, 27 Feb 2017 07:45:00 -0800

Microsoft released a single update last week with this February Patch Tuesday, after a week’s delay. Or, perhaps MS17-005 is considered an out-of-band update from Microsoft?

I am not sure, as it does not look like we will see the usual accompanying updates to Microsoft, .NET and the Windows (desktop and server) platforms. This sole update to Adobe Flash Player is worth deploying immediately. Evergreen browsers such as Microsoft Edge and Google Chrome will automatically update (using the default settings) and so will patch this serious memory-related vulnerability in Flash Player. 

The sole update released by Microsoft for this February Patch Tuesday is a Windows platform update for Adobe Flash Player. This patch addresses 13 vulnerabilities relating to type confusion and a special kind of memory handling error commonly referred to as “use-after-free,” where Adobe Flash Player could allow an attacker to execute code in memory areas that should have been “cleaned up” and de-allocated after use. This update is rated critical by Microsoft and by Adobe and should be considered a “Patch Now” update from Microsoft.

Microsoft has recommended a number of mitigations for this type of Adobe Flash Player vulnerability, including whitelisting sites in the Microsoft Compatibility View List and of course disabling ActiveX controls. I recommend disabling and removing Adobe Flash Player at your earliest convenience (again).
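As an added example (not from the original article), the PowerShell script below audits the ActiveX part of the mitigation above on a Windows host. It assumes the control is blocked through the Internet Explorer kill bit (`Compatibility Flags` value 0x400) and that the Flash ActiveX class ID is the one hard-coded below, which is not given on the page; the `-Apply` switch and function name are this script's own.

```powershell
# Audit (and, with -Apply, set) the IE ActiveX kill bit for the Flash Player control.
# Assumption: $FlashClsid is the Flash ActiveX class ID; it does not appear in the article.
param([switch]$Apply)

$FlashClsid = '{D27CDB6E-AE6D-11CF-96B8-444553540000}'
$KillBit    = 0x400   # "Compatibility Flags" bit that stops IE from instantiating the control

# Check both registry views: 32-bit IE on 64-bit Windows reads the Wow6432Node copy.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-KillBitState {
    param([string]$KeyPath)
    $flags = 0
    if (Test-Path -LiteralPath $KeyPath) {
        $prop = Get-ItemProperty -LiteralPath $KeyPath -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
        if ($null -ne $prop) { $flags = [int]$prop.'Compatibility Flags' }
    }
    [pscustomobject]@{
        Key     = $KeyPath
        Raw     = $flags
        Flags   = '0x{0:X8}' -f $flags
        Blocked = (($flags -band $KillBit) -ne 0)
    }
}

foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }   # view absent, e.g. on a 32-bit OS
    $key   = Join-Path $root $FlashClsid
    $state = Get-KillBitState -KeyPath $key
    if ($Apply -and -not $state.Blocked) {
        # Keep any existing flag bits and OR in the kill bit (needs an elevated session).
        if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
        Set-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
            -Value ($state.Raw -bor $KillBit) -Type DWord
        $state = Get-KillBitState -KeyPath $key
    }
    $state | Select-Object Key, Flags, Blocked
}
```

Run without arguments it only reports; a `Blocked` value of `False` in either registry view means Internet Explorer in that bitness can still load the control.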

This article is published as part of the IDG Contributor Network.
