Security News > 2021 > December > Microsoft closes installer hole abused by Emotet malware, Google splats Chrome bug exploited in the wild

Let's start with Microsoft, which put out a summary of its security updates here.
Microsoft Defender for IoT: A critical remote-code execution flaw in this security product, prior to version 10.5.2, can be exploited over a network by a non-authenticated miscreant.
Microsoft Office app: Again, Microsoft is cagey about this critical remote-code execution hole prior to versions 18.2110.13110.
"The initial deployment phase starts with the Windows updates released on December 14, 2021," Microsoft noted.
On Tuesday, Adobe patched scores of bugs in 11 of its products, including code execution holes in Photoshop, Premier Pro, and After Effects on Windows and macOS, and a privilege-escalation vulnerability in Lightroom on Windows.
There's also what's described as a "Code injection vulnerability in SAP ABAP Server & ABAP Platform," plus an SQL-injection hole in SAP Commerce, an XSS vuln in SAP Knowledge Warehouse, a command-injection flaw in SAP NetWeaver AS ABAP, and other security blunders in the enterprise IT giant's code.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/12/15/patch_tesuday/
Related news
- Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking (source)
- Crypto-stealing iOS, Android malware found on App Store, Google Play (source)
- New Microsoft script updates Windows media with bootkit malware fixes (source)
- Microsoft says attackers use exposed ASP.NET keys to deploy malware (source)
- Week in review: Exploited 7-Zip 0-day flaw, crypto-stealing malware found on App Store, Google Play (source)
- FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux (source)
- Google Chrome's AI-powered security feature rolls out to everyone (source)
- Microsoft spots XCSSET macOS malware variant used for crypto theft (source)
- Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics (source)
- SpyLend Android malware downloaded 100,000 times from Google Play (source)