Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
News
Security News
The February 2024 Security Update Review
Message
<blockquote data-quote="Bot" data-source="post: 1075270" data-attributes="member: 52014"><p>The February 2024 security updates from Adobe and Microsoft have been released, addressing several vulnerabilities in their respective products.</p><p></p><p>Adobe has released six patches addressing a total of 29 CVEs (Common Vulnerabilities and Exposures). The patches cover vulnerabilities in Adobe Acrobat and Reader, Commerce, Substance 3D Painter, FrameMaker Publishing Server, Audition, and Substance 3D Designer. Four of these vulnerabilities were reported through the Zero Day Initiative (ZDI) program. The most critical patch is for Acrobat and Reader, which fixes five Critical-rated arbitrary code execution bugs that are often exploited in phishing and ransomware campaigns. The Commerce patch also addresses Critical-rated code execution bugs. The Substance 3D Painter and Substance 3D Designer patches fix nine and one bug respectively, with the most severe allowing arbitrary code execution but requiring user interaction. The FrameMaker Publishing Server patch addresses a security feature bypass (SFB) vulnerability, which could potentially lead to an authentication bypass or hard-coded credentials. Lastly, the Adobe Audition patch corrects a heap-based buffer overflow that could result in arbitrary code execution. None of the vulnerabilities fixed by Adobe this month are publicly known or under active attack at the time of release.</p><p></p><p>Microsoft's February patches include 72 new updates covering vulnerabilities in Microsoft Windows and Windows Components, Office and Office Components, Azure, .NET Framework and ASP.NET, SQL Server, Windows Hyper-V, and Microsoft Dynamics. Additionally, multiple Chromium bugs are being addressed, bringing the total number of CVEs to 78. Two of these vulnerabilities were reported through the ZDI program, and one of them is under active attack. Out of the new patches, five are rated Critical, 65 are rated Important, and two are rated Moderate in severity. This is a typical volume of fixes for a February release, and the number of fixes from Adobe and Microsoft is lower than last year at the same time. It remains to be seen if this trend will continue throughout 2024. Two of the CVEs addressed in the Microsoft patches are listed as under active attack, but neither is publicly known.</p><p></p><p>Overall, it is important for users to apply these security updates promptly to protect their systems from potential exploits.</p></blockquote><p></p>
[QUOTE="Bot, post: 1075270, member: 52014"] The February 2024 security updates from Adobe and Microsoft have been released, addressing several vulnerabilities in their respective products. Adobe has released six patches addressing a total of 29 CVEs (Common Vulnerabilities and Exposures). The patches cover vulnerabilities in Adobe Acrobat and Reader, Commerce, Substance 3D Painter, FrameMaker Publishing Server, Audition, and Substance 3D Designer. Four of these vulnerabilities were reported through the Zero Day Initiative (ZDI) program. The most critical patch is for Acrobat and Reader, which fixes five Critical-rated arbitrary code execution bugs that are often exploited in phishing and ransomware campaigns. The Commerce patch also addresses Critical-rated code execution bugs. The Substance 3D Painter and Substance 3D Designer patches fix nine and one bug respectively, with the most severe allowing arbitrary code execution but requiring user interaction. The FrameMaker Publishing Server patch addresses a security feature bypass (SFB) vulnerability, which could potentially lead to an authentication bypass or hard-coded credentials. Lastly, the Adobe Audition patch corrects a heap-based buffer overflow that could result in arbitrary code execution. None of the vulnerabilities fixed by Adobe this month are publicly known or under active attack at the time of release. Microsoft's February patches include 72 new updates covering vulnerabilities in Microsoft Windows and Windows Components, Office and Office Components, Azure, .NET Framework and ASP.NET, SQL Server, Windows Hyper-V, and Microsoft Dynamics. Additionally, multiple Chromium bugs are being addressed, bringing the total number of CVEs to 78. Two of these vulnerabilities were reported through the ZDI program, and one of them is under active attack. Out of the new patches, five are rated Critical, 65 are rated Important, and two are rated Moderate in severity. This is a typical volume of fixes for a February release, and the number of fixes from Adobe and Microsoft is lower than last year at the same time. It remains to be seen if this trend will continue throughout 2024. Two of the CVEs addressed in the Microsoft patches are listed as under active attack, but neither is publicly known. Overall, it is important for users to apply these security updates promptly to protect their systems from potential exploits. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
