One patch from Microsoft, more from Adobe and Oracle

It's a slow security patching month from Microsoft, but Adobe has issued a fix for a critical, zero-day flaw, while Oracle gets in on the action, too.

patched computer

Microsoft has released a single patch this month, but don't forget to check out serious updates from Adobe or Oracle.

In its monthly patching exercise, Microsoft released just one fix, for a "critical" flaw in Embedded OpenType Font. The vulnerability needs a user to visit a malicious web page before it hurts computers, however.

Adobe released patches for critical vulnerabilities, including one for a zero-day flaw in Reader and Acrobat, which was discovered last month. In its security bulletin, the firm said: "These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system."

Adobe said the flaw is actively being exploited, but at the time of the discovery decided to keep the fix within its regular patching cycle.

"This has been a relatively quiet month in terms of patch updates from Microsoft," said Ben Greenbaum, senior research manager at Symantec Security Response, in a statement.

"However, we would urge users to pay particular attention to the Adobe update which addresses a serious vulnerability where attempts have been made to steal source code from the some of the world's largest organisations including Google," he added.

Oracle also joined in the fun. It's quarterly patch fixed 25 flaws across seven products, including its database engine.

"The majority of the [Oracle] vulnerabilities are remotely exploitable without authentication and IT admins should be taking a close look at the exposure these products have in their networks," Qualys chief technology officer Wolfgang Kandek said in a statement.

He added: "In general database engines should have no necessity to be connected to open networks, but the application servers are very likely exposed."

Featured Resources

Four cyber security essentials that your board of directors wants to know

The insights to help you deliver what they need

Download now

Data: A resource much too valuable to leave unprotected

Protect your data to protect your company

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

Recommended

Sopra Steria cyber attack costs to hit €50 million
Security

Sopra Steria cyber attack costs to hit €50 million

26 Nov 2020
Sophos warns customers of potential data leak
Security

Sophos warns customers of potential data leak

26 Nov 2020
Weekly threat roundup: VMware, GitHub, Facebook, and MobileIron
Security

Weekly threat roundup: VMware, GitHub, Facebook, and MobileIron

26 Nov 2020
Egregor ransomware could take up where Maze left off
Security

Egregor ransomware could take up where Maze left off

26 Nov 2020

Most Popular

macOS Big Sur is bricking some older MacBooks
operating systems

macOS Big Sur is bricking some older MacBooks

16 Nov 2020
Huawei Mate 40 Pro 5G review: A tragically brilliant Mate
Mobile Phones

Huawei Mate 40 Pro 5G review: A tragically brilliant Mate

26 Nov 2020
How computing has revolutionised Formula 1
Sponsored

How computing has revolutionised Formula 1

11 Nov 2020