Microsoft, Adobe Fix 'Critical' Security Flaws

It will be a busy week for IT administrators as Microsoft rolls out fixes for five critical vulnerabilities in its products -- including both Windows and Internet Explorer -- and as Adobe issues patches for similar flaws in its Reader and Acrobat programs.

As part of its monthly Patch Tuesday update, Microsoft plans to release nine security bulletins on August 14, 2012. Five of those nine bulletins have been designated "critical", the Redmond, Washington-based firm's highest security rating.

Windows, Internet Explorer Receive Updates

Those five critical bulletins address serious vulnerabilities in several different Microsoft products, including Windows, Internet Explorer, Microsoft SQL Server, and Microsoft Exchange.

"This month is a mixed bag of critical bulletins, which affects workstations, browser, server and productivity products," said Rapid7 security analyst, Marcus Casey. (Source: eweek.com)

"Bulletin one is rated critical and will address Internet Explorer 6, 7 and 8," Casey noted. "Browser bulletins always deserve attention since client-side browser attacks are the de facto way to compromise corporate networks."

Exchange Flaw Could Allow for Remote Code Execution

The most significant vulnerability affects Microsoft Exchange Server 2007 and Exchange Server 2010. The problem, which involves the way files are analyzed, could allow a hacker to gain remote control of a targeted system.

This would give the hacker the power to install viruses and spread them across a network. Casey says that when hackers learn of an opportunity to remotely infiltrate a network in this way, "it's music to their ears."

"They could see potential for remote discovery, remote exploitation and propagation of attacks since Exchange is the epicenter of most organizations' communications," Casey said.

"Email servers are prime targets for exploitation." (Source: eweek.com)

Adobe Serves Up Repairs To Popular Software

Adobe's fixes for its Acrobat and Reader products will also be released on August 14, affecting both Mac and Windows versions of its software. The company reports that its security patches this time around should be considered "critical."

Observers have reported that a hacker exploiting certain vulnerabilities in Acrobat or Reader could execute malicious native code.

However, Adobe claims there have been no reports indicating that hackers have successfully exploited the flaws, which the company refuses to identify publicly. (Source: zdnet.com)