14 DAY TRIAL // After Adobe resolved a zero-day vulnerability in Flash Player earlier this week, Microsoft also published an out-of-band patch to deliver the fix to users on Windows systems.
Flash Player is being offered as a built-in component on Windows 8.1 and Windows 10, so Microsoft needs to ship stand-alone patches via Windows Update whenever a vulnerability is fixed.
This is what happened this week after Adobe addressed a Flash Player flaw that could have allowed attackers to compromise a Windows host using nothing else than a malicious Microsoft Office document.
The zero-day code can be embedded in Word and Excel documents, but also in other files that are then deployed on vulnerable Windows systems. Adobe warned that it was aware of several exploits in the wild and urged customers to patch their systems as fast as possible.
Microsoft’s security update is KB4471331 and it is being delivered to all Windows 10 versions out there, but also to Windows 8.1, Window RT 8.1, Windows Server 2019, and Windows Server 2016.
New security updates coming next week
The company warns that in the case of Windows 10 version 1607, updates may not be installed automatically, and users are recommended to head over to Windows Update to check for the security patch manually.
Obviously, Windows 10 version 1809 (October 2018 Update) is getting the security update as well, and all users are recommended to install it as soon as possible.
Microsoft will release new cumulative updates containing security fixes next week as part of the monthly Patch Tuesday rollout. However, given that this Flash Player vulnerability is already being exploited, customers aren’t recommended to delay the patching.
On the other hand, if system admins can’t install the new security patch, they are recommended to block the opening of documents coming from untrusted sources, but also to restrict access to websites that may attempt to deploy malicious payloads in an attempt to exploit the vulnerability.