Microsoft and Adobe are warning users of not one, but two security vulnerabilities that are currently being exploited in the wild. Patches are already here or coming tomorrow so you should update your machines as soon as possible.
On Microsoft’s side of the aisle, the bug that’s currently being exploited is part of Internet Explorer. It allows for remote code execution, meaning an attacker could take control of a machine if the victim visits a specially crafted malicious website. This exploit is actively being used in the wild, with attacks being detected in South Korea over the past few days. The good news is that Microsoft has already patched the vulnerability as part of yesterday’s Patch Tuesday. Specifically, KB3155533 addresses the issue.
Also of note is that yesterday’s patches fix other vulnerabilities as well, including seven other issues deemed Critical and a number of others noted as Important. This includes vulnerabilities that got patches in Windows, Flash Player, Edge, Internet Explorer and Office.
Meanwhile Adobe is also preparing to launch a patch of its own for Flash. According to the official security advisory, a critical vulnerability exists in Flash Player version 22.214.171.124 and earlier on all supported platforms. This includes Windows, OS X, Linux and Chrome OS. The bug, which is already being used by attackers, allows a malicious agent to take control of a machine. Adobe says it will have a patch ready as soon as tomorrow, so you’d do well to upgrade all of your devices and software as soon as possible.