Today Microsoft addressed a 0-day vulnerability in Internet Explorer in an out-of-band update described MS15-093. The vulnerability CVE-2015-2502 is actively being exploited in the wild. The attack code is hosted on a malicious webpage that you or your users would have to visit in order to get infected. Attackers use a number of mechanisms to increase their target reach and lure users to the webpage including:
Today Adobe published an out-of-band patch for a critical vulnerability in the Adobe Flash Player. Adobe is aware of attack in the wild that target the Windows platform and recommends installing update APSB14-13 as quickly as possible. The most likely attack vector is a webpage that contains a malicious SWF file and a successful attacker can gain control of the targeted machine.
Adobe just released an out-of-band update (APSB14-04) to their Flash player, which fixes a vulnerability (CVE-2014-0497) that is being exploited in the wild. Flash version 12 and 11 is affected on Windows and Mac OS X and Flash version 11 is affected on the Linux platform. Users of Google Chrome and Microsoft Internet Explorer 10 and 11 will get their updates automatically through a browser update, but should still verify if they need to update Flash on the operating system itslef as well, if a browser is installed that does not bring its own version of Flash (for example, Safari on Mac OS X, Firefox or older versions of IE).
