The world’s largest software maker Microsoft on Tuesday released patches with cover for at least 59 documented security vulnerabilities, including a pair of critical-severity zero-days already being exploited in the wild.
Redmond’s security response team documented a wide range of security defects in a range of Windows OS and components and called special attention to two vulnerabilities — CVE-2023-36033 and CVE-2023-36036 — being exploited in active attacks.
“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” Microsoft said in two separate advisories that credit security researcher Quan Jin, DBAPPSecurity WeBin Lab and its own threat-intel teams for discovering the two zero-days.
As is customary, Microsoft’s barebones bulletins did not contain any details on the live attacks or indicators of compromise to help defenders hunt for signs of infections.
The Patch Tuesday rollout also fixes the known — and already exploited — WebP flaw affecting its Microsoft Edge (Chromium-based browser) and remote code execution issues in the Windows cURL implementation.
Microsoft also pushed out another patch to address feature bypass issues that continue to haunt its Windows SmartScreen tool and major updates to fix remote code execution and privilege escalation issues in Windows Pragmatic General Multicast (PGM) and Windows HMAC Key Derivation components.
The PGM flaw (CVE-2023-36397) carries a CVSS severity score of 9.8 out of 10 and should be considered a patch for high-priority deployment.
Microsoft’s patches follow Adobe’s rollout of a large batch of security fixes to cover critical-severity flaws in its Acrobat and Reader, ColdFusion, InDesign, InCopy and Audition products.
Adobe documented 72 distinct security bugs and called special attention to code-execution defects in the widely deployed Adobe Acrobat and Reader software.
In a critical-severity bulletin, Adobe documented at least 17 Acrobat and Reader bugs that expose unpatched Windows and macOS systems to arbitrary code execution and memory leak issues.
Adobe also issued patches for at least six distinct ColdFusion flaws that could lead to arbitrary code execution and security feature bypass. The ColdFusion issues are flagged as critical and affect versions 2023 and 2021.