February Patch Tuesday updated

Microsoft released a single update with this February Patch Tuesday, after a week's delay

mit probablistic patches code
Credit: MIT News

Microsoft released a single update last week with this February Patch Tuesday, after a week's delay. Or, perhaps MS17-005 is considered an out-of-band update from Microsoft?

I am not sure, as it does not look like we will see the usual accompanying updates to Microsoft, .NET and the Windows (desktop and server) platforms. This sole update to Adobe Flash Player is worth deploying immediately. Evergreen browsers such as Microsoft Edge and Google Chrome will automatically update (using the default settings) and so will patch this serious memory-related vulnerability in Flash Player. 

MS17-005 -- Critical

The sole update released from Microsoft for this February Patch Tuesday is a Windows platform update for Adobe Flash player. This patch addresses 13 vulnerabilities relating to type confusion and a special kind of memory handling error commonly referred to as "use-after-free," where Adobe Flash Player could allow an attacker to execute code in memory areas that should have been "cleaned up" and de-allocated after use. This update is rated critical by Microsoft and by Adobe and should be considered a "Patch Now" update from Microsoft.

Microsoft has recommended a number of mitigations for this type of Adobe Flash Player vulnerability, including whitelisting sites in the Microsoft Compatibility View List and of course disabling ActiveX controls. I recommend disabling and removing Adobe Flash Player at your earliest convenience (again).

This article is published as part of the IDG Contributor Network. Want to Join?

Computerworld's IT Salary Survey 2017 results
Shop Tech Products at Amazon