Security News > 2021 > February > February 2021 Patch Tuesday: Microsoft and Adobe fix exploited zero-days

Microsoft has plugged 56 security holes, including one actively exploited privilege escalation flaw.

Adobe has released security updates for Acrobat and Reader, Dreamweaver, Photoshop, Illustrator, Animate, and the Magento CMS. Out of all of those, the Acrobat and Reader updates should be tested and deployed as soon as possible, as they fix a bucketload of critical and important issues in widely used solutions, including one bug that is being exploited in "Limited" attacks on Reader for Windows.

A little less urgent is the Magento update, not because it doesn't fix critical flaws, but because there are currently no known exploits and because based on previous experience, Adobe does not anticipate them being imminent.

There has been no mention whether this flaw is being exploited along with the actively exploited and now plugged hole in Adobe Reader.

"The two RCE vulnerabilities are complex which make it difficult to create functional exploits, so they are not likely in the short term. We believe attackers will be able to create DoS exploits much more quickly and expect all three issues might be exploited with a DoS attack shortly after release. Thus, we recommend customers move quickly to apply Windows security updates this month," the MSRC team explained.

For February 2021 Patch Tuesday, SAP has released 7 new security notes and updates to 6 previously released ones.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/UdRaUX0Fbo8/