Adobe Flash Player and Microsoft Windows critical updates released in July, 2016
7/14/2016
On Patch Tuesday, July 13, 2016, Adobe and Microsoft both released critical patches for vulnerabilities in various programs and services that were being or could be exploited in the wild.
First, Adobe Flash Player is still deployed on millions, if not billions of devices of all types. Flash videos and interactive games used to be all the rage until a few short years ago. However, since around 2010, a new standard has been emerging to not only challenge Flash, but to surpass it. That new video player is known as "HTML5 Video." The HTML5 <video> element specifies a standard way to embed a video in a web page. Furthermore, that video need not be made in Adobe Flash format.
That is good news for people who want to watch video content on web pages with Apple iPhones and iPads, plus a large swath of Mac computers, all of which do not natively support Flash (thank Steve Jobs). It's also good news to the millions of computer users who are tired of being at constant risk from malware exploit kits targeting web browsers that have Flash Player installed and enabled. This is because the Flash plug-in is the number one target of almost all of the current exploit attack kits in distribution. Cybercriminals pay researchers to probe various versions of Flash Player for unpatched vulnerabilities that they can exploit in what is known as a "zero day attack."
So it is that on July 13,2016, Adobe, the official maintainers of the Flash encoder and player, released a large combined patch that fixed an astounding 52 vulnerabilities in their Flash Player. The new version of Flash Player for most browsers and operating systems becomes 22.0.0.209. All previous versions are at risk of remote exploitation that would lead to system takeover.
You can see a full listing of the most current version for various browsers and devices, as well as checking what version you might have installed and active, on the About Adobe Flash Player page. If you see that you don't have the current version installed, go to the Flash Player Download Center where the newest version for your browser and operating system will be displayed and made available for downloading. Note that there are different versions of Flash Player for Firefox and Internet Explorer, while Google Chrome and Microsoft Edge browsers themselves must be updated to upgrade their built-in, compiled version of Flash.
Adobe also released patches for the Acrobat PDF Reader (DC) and Acrobat PDF writer, plugging 30 critical vulnerabilities, for both Windows and Macintosh computers. Affected versions are 15.016.20045 and earlier. The newest Acrobat Reader installer, v2015.017.20050, can be downloaded from the Acrobat Reader Download Center.
Meanwhile, Microsoft released 11 different security patches on this Patch Tuesday. Six are rated critical and 5 as important. They include critical patches for vulnerabilities in Internet Explorer and Edge browsers and also plug a long standing exploitable hole in the print spooler service. Another patch is for the Jscript and VBscript engines which are being exploited in the wild in email attachment scripted attacks. There was also a critical patch for various versions and portions of Microsoft Office and even in the Word and Excel Viewers, which could allow remote code execution if a user opens a specially crafted Microsoft Office file. You definitely want to apply all of these patches!