Showing results for 
Search instead for 
Did you mean: 

Adobe releases Emergency Patch for Flash!

Level 17

Yesterday (Tue Feb 4), Adobe published a Security Bulletin and released an emergency patch for Flash v12 (for Windows and MacOS) and Flash v11 (for Linux) to address the vulnerability documented in CVE-2014-0497.

Concurrent with that, Microsoft has released patches for IE10 and IE11 (which have Flash embedded) as KB2929825. Make special note that this update is not cumulative, and it does require that the January update, KB2916266 is installed first.

The vulnerability is related to an integer underflow in Adobe Flash Player that allows remote attackers to execute arbitrary code via unspecified vectors. The vulnerabiity is being actively exploited.

How bad is it.... I'm still trying to track down authoritative information on that, but considering that next Tuesday, Feb 11, would have been the regular release of updates for Adobe products, it seems that Adobe felt this warranted being pushed a week earlier. If you're interested in an in-depth analysis, this is the original article reporting the discovery of the active zero-day exploit by Kaspersky.

About the Author
I'm a Head Geek and technical product marketing manager at SolarWinds. I wrote my first computer program in RPG-II in 1974 to calculate quadratic equations and tested it on some spare weekend cycles on an IBM System/3 that I ‘borrowed’ from my father’s employer. After that I dabbled, studied, and actually programmed in just about every language known for the past 40 years; worked on a half-dozen different variants of Unix on 3B2s, RS6000s, HP9000s, Sparc workstations, and Intel systems; connected to CompuServe on a 300 baud modem; ran a FidoNet BBS on OS/2 on a 9600 bps modem; and started working with Windows when Windows NT4 was still the latest operating system. Along the way, I did a few years in database programming and database administration. I installed some of the first ADSL and SDSL Internet circuits in Texas, and then migrated into full-time Windows systems management, which had a lot to do with my interest in SUS and WSUS 10 years ago. This ultimately led me to EminentWare in 2009, and SolarWinds three years later.