So, the Adobe Flash update released today by Adobe and the Flash
security Update from Microsoft is a fix for a new bug and does not
address the FireEye reported vulnerability earlier this month?
-Harjit
On 2/20/2014 5:05 PM, Rod Trent wrote:
Yep...that's right...
http://windowsitpro.com/msrc/microsoft-releases-temporary-fix-ie10-and-ie9-remote-code-execution-vulnerability
The IE10 vuln was reported to Microsoft by FireEye on the 13^th and
confirmed by Microsoft (and announced it also affects IE9) on the
18^th . The Fix-It was released yesterday evening. Keep in mind the
flaw is actually in Adobe's Flash scripting language.
Coincidentally, Adobe released its 2^nd zero-day update this month
today. It's also a Flash vuln.
http://windowsitpro.com/security/adobe-releases-second-critical-zero-day-flash-update-short-month
*From:* [email protected]
[mailto:[email protected]] *On Behalf Of *Marcum, John
*Sent:* Thursday, February 20, 2014 4:54 PM
*To:* SMS List ([email protected])
*Subject:* [mssms] MS and Adobe OOB Updates
Am I reading this right???? Microsoft released an OOB warning but the
only way to patch it is with a fix it?
http://news.cnet.com/8301-1009_3-57619214-83/adobe-issues-emergency-patch-again/
However, people who use those browsers must apply the fix manually
with the FixIt shim tool <http://support.microsoft.com/kb/2934088>. A
permanent fix for the exploit is expected in three weeks or so
*
------------------------------------------------------------------------
*
*John Marcum*
*/Lead Desktop Engineer/*
*/Bradley Arant Boult Cummings LLP/*
------------------------------------------------------------------------
------------------------------------------------------------------------
Confidentiality Notice: This e-mail is from a law firm and may be
protected by the attorney-client or work product privileges. If you
have received this message in error, please notify the sender by
replying to this e-mail and then delete it from your computer.