Despite going on sale less than a month ago, Microsoft is to release three fixes for Windows 8 and its Surface tablets.
Three security holes have been found that affect Windows systems from Windows XP SP3 right up to and including Windows 8 and Windows Server 2012.
The flaws allow hackers to execute malicious code on vulnerable systems. A couple of patches also fix flaws in Windows 8 RT, the ARM-based OS used in Microsoft's new tablet computer.
Another critical patch is for an Internet Explorer vulnerability that could be used in both drive-by and targeted attacks. An attacker would be able to compromise their system if the user visits a malicious web page.
Another flaw affects Microsoft Office. Listed as important, the vulnerability allows remote code execution if a victim opens a malicious Office document. This bulletin is listed as important because the attacker can't force the user to open a document; they would have to be socially engineered into opening it.
The six patches rectify 19 vulnerabilities found in Microsoft software. The patches will be released on Tuesday 13 November.
"Most organisations will be affected by these critical bulletins as they relate to legacy codebase that is present even in Microsoft's most recent releases, such as Windows 8 and Windows Server 2012," said Marcus Carey, a security researcher with Rapid7.
"This may come as a surprise to many who expected that Windows 8 and Windows Server 2012 to be much more secure than legacy versions. The truth is that Microsoft and other vendors have significant technical debt in their code base which results in security issues."
Alongside the patches for Microsoft, Adobe is to release patches for vulnerabilities in its own products.
The software company will be releasing updates timed to coincide with Microsoft's patching schedule, rather than its previous policy of sending out updates as soon as they are ready.
"Starting with the next Flash Player security update, we plan to release regularly-scheduled security updates for Flash Player on 'Patch Tuesdays," the company said in a release.
The patches will fix seven critical flaws in Flash Player.
According to Chester Wisniewski ,security expert at Sophos, Flash Player remains one of the most exploited plug-ins used in drive by web attacks, and he said "it is sensible to update as soon as possible.
-
Apple, Meta hit back at EU after landmark DMA finesNews The European Commission has issued its first penalties under the EU Digital Markets Act (DMA), fining Apple €500 million and Meta €200m.
-
Enterprises are facing a ‘cloud security crisis’News Businesses are facing a “cloud security crisis” fueled by increasingly fragmented hybrid environments, according to security firm Rubrik.
-
Warning issued over “incomplete” fix for Adobe ColdFusion vulnerabilityNews An incomplete fix for a vulnerability disclosure could be placing users at risk, researchers warned
-
Adobe forced to patch its own failed security updateNews Company issues new fix for e-commerce vulnerability after researchers bypass the original update
-
Ask more from your CMSWhitepaper How to get the most value in the shortest timespan
-
Adobe battles fake photos with editing tagsNews Photoshop will include new tagging tools later this year to help fight against misinformation and deep fakes
-
Adobe Photoshop Elements 2019 review: Trapped in the photo-editing middle groundReviews A once peerless beginner’s photo-editing package that’s past its prime
-
How Adobe saved BT £630,000Sponsored Adobe’s digital signature platform is saving time and money - and forging stronger connections between businesses and customers
-
Don't settle when it comes to creativitySponsored Getting the best out of your creative design team means equipping them with the best software
-
The benefits of a subscription serviceSponsored Why software vendors are increasingly moving to a subscription model
