Windows security: Microsoft issues Adobe patch to tackle Flash zero-day

[RV_]

There is a critical update for Adobe Flash put out yesterday. Check your installed updates and make sure you have the Flash update from yesterday 6 Feb or today. If not check for and install updates. This is not a big one.

Excerpt:

"Microsoft has released Adobe's patch for a critical flaw in Flash Player that suspected North Korean hackers have exploited in malicious Excel sheets.

Researchers at Cisco Talos said hackers known as Group 123 were using the zero-day Flash flaw and Excel sheets to deliver the ROKRAT remote-administration tool.

The use-after-free vulnerability in Flash allowed attackers to gain remote code execution on Windows, macOS, Linux, and Chrome OS, Adobe warned last week after South Korea's CERT said it had observed a Flash exploit for the CVE-2018-4878 being used in the wild.

Adobe said after that it was developing the patch over the coming week, which it released on Tuesday.

Adobe's update shuts down this avenue for gaining remote code execution on Windows, macOS, Linux, and Chrome OS, and bumps up the current version of Flash Player to 28.0.0.161.

Since Microsoft is responsible for updating Flash player in Internet Explorer and Edge, the company notes that its "out-of-band February 6 security release consists of security updates for Adobe Flash"."

http://www.zdnet.com/article/windows-security-microsoft-issues-adobe-patch-to-tackle-flash-zero-day/?loc=newsletter_featured_related_listing&ftag=TRE-03-10aaa6b&bhid=19724681974700635514865380622813