On November's Patch Tuesday yesterday, Microsoft and Adobe pushed out a large number of bug fixes. They included updates to resolve serious security flaws in Microsoft Office, the Internet Explorer and Edge Web browsers, and Adobe's Acrobat, Reader, Photoshop, and Flash Player.
Microsoft's update addressed a total of 53 vulnerabilities, four of which could open the door for security attacks. However, none of them appears to have been exploited in the wild at this point.
Adobe, meanwhile, patched more than five dozen vulnerabilities, including critical flaws that could enable remote code execution in Shockwave, Acrobat/Reader, and Flash Player.
In other developments, Microsoft today unveiled a new set of technologies and tools for developers looking to create cross-platform applications in the cloud.
Focus on Wireless and Flash Security
Beyond installing this month's patches, Microsoft users should also take care to ensure they've addressed other recent security issues, noted Gill Langston, director of product management and patching at Qualys, a cloud security and compliance firm. The most serious of these is the KRACK vulnerability identified in October, which could enable any Wi-Fi session to be hacked.
"It should also be noted that last Patch Tuesday, Microsoft quietly released the fix for CVE-2017-13080, widely known as the KRACK vulnerability in WPA2 wireless protocol, but did not make it known until a week later, when the vulnerability was publicly disclosed," Langson wrote in a blog post yesterday. "Therefore, it is recommended you ensure last month's security patches are fully addressed. Alternatively, you can install this month's Monthly Rollups, as they should include this fix."
In the meantime, anyone who browses the Web should ensure their browsers are updated to address critical bugs in Adobe's Flash Player, according to security writer Brian Krebs. Better still, users should try to avoid using Flash altogether, he added.
"Because Flash remains such a security risk, I continue to encourage readers to remove or hobble Flash Player unless and until it is needed for a specific site or purpose," Krebs wrote on his blog yesterday. "Another, perhaps less elegant, solution is to keep Flash installed in a browser that you don't normally use, and then to only use that browser on sites that require it."
Extended Windows 10 Support for Enterprises
In the meantime, enterprises moving to Microsoft's Windows-as-a-service model will gain some extra time to continue receiving security support for older versions of Windows 10, according to director of product marketing Michael Niehaus.
"To help some early enterprise adopters that are still finishing their transition to Windows as a service, we will be providing a supplemental servicing package for Windows 10, version 1511 for an additional six months, until April 2018, providing updates to address critical and important security issues that arise during that time," Niehaus wrote yesterday on Microsoft's TechNet blog. "These updates will be available to anyone using Windows 10 Enterprise, version 1511 or Windows 10 Education, version 1511. Updates will be offered via all normal channels, including Windows Update, WSUS, Configuration Manager, and the Windows Update catalog."
At its Connect(); 2017 event in New York today, Microsoft unveiled a new offering called Azure Databricks. Powered by Apache Spark, Databricks is designed to "help developers build applications and services for the AI-driven future," according to executive vice president Scott Guthrie. Azure Databricks includes native integration with Azure applications and Power BI to support the creation of data warehouses with self-service analytics and machine learning.