Two High Profile Zero-Day Vulnerabilities Announced

This has been an exciting week in the security space, first Adobe and and now Microsoft have announced that they will deliver out-of-band patches next week:

• Adobe: has a problem in the Flash component and there are known instances of attacks in the wild using PDF documents as an entry point (these were detected first) and also word of the standard drive-by variety.
• Microsoft: will address a problem on Tuesday with a patch for Visual Studio and Internet Explorer

Both vulnerabilities are rated critical and are found in very common software components – all versions of IE (6,7 and 8) are vulnerable, while Adobe says that updates will be shipped for Flash 9 and 10 and also Adobe Reader 9. IT administrators should prepare for a quick turnaround.