Adobe and Microsoft have released several critical security updates on 7/11/17 to address vulnerabilities in Windows, Internet Explorer, Edge, Office, .NET Framework and Exchange as well as both Adobe Flash Player and Adobe Connect.
The Windows update categorized as urgent for enterprises and corrects a critical bug (link is external) in the Windows Search Service that could be exploited remotely via the SMB file-sharing service built into both Windows workstations and servers.
Please see https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8589 for Microsoft patches per Operating System.
In addition to the Microsoft Patches released, Adobe has released security updates which if left unpatched, respectively, could lead to information disclosure, remote code execution and memory address disclosure.
Users and administrators are encouraged to review Adobe Security Bulletins APSB17-21 (link is external) and APSB17-22 (link is external) and apply the necessary updates.
The affected versions of these products are as follows:
Adobe Flash Player:
|
Adobe Flash Player Desktop Runtime |
26.0.0.131 and earlier |
Windows, Macintosh and Linux |
|
Adobe Flash Player for Google Chrome |
26.0.0.131 and earlier |
Windows, Macintosh, Linux and Chrome OS |
|
Adobe Flash Player for Microsoft Edge and IE 11 |
26.0.0.120 and earlier |
Windows 10 and 8.1 |
Adobe Connect:
|
Adobe Connect |
9.6.1 and earlier |
Windows |
We recommend that system administrators upgrade to the latest version of either of these products.
Adobe Flash Player 26.0.0.137 is the latest version for all platforms.
Adobe Connect 9.6.2 is the latest version.
