Another Patch Tuesday is upon us, and both Microsoft and Adobe have important patches that you should implement right away if you're impacted.
Adobe's big patch fixes a ColdFusion exploit that allows an attacker to access files located on a server with ColdFusion installed. There should also be a fix to Adobe Acrobat Reader.
You can read Adobe's security advisory here.
On the Microsoft side, we should see at least 10 patches that cover over 30 vulnerabilities which impact Windows, Internet Explorer, Office, Lync , Microsoft's .NET framework and Windows Essentials. 2 of the patches are rated Critical, which means you should patch immediately due to exploits available in the wild, and 8 are ranked Important, which should be patched as soon as possible.
What's important to note here is that this set of patches by Microsoft doesn't appear to fix the Internet Explorer 8 exploit in CVE-2013-1347 that is being actively exploited in the wild and was recently found to be used as part of a watering-hole attack on a US Department of Labor site.
Microsoft published a temporary Fix-It patch last week; a link and more detail is provided in an earlier post on our blog.
Microsoft recently said it wants to have a permanent patch ready for this flaw in time for tomorrow, so hopefully they'll be able to squeeze it in.
If they don't, it's critical to apply the Fix-It patch until they deploy the patch.
Microsoft's full advisory can be viewed at this link.