Microsoft, Adobe and Oracle fixed flaws uncovered in the Hacking Team leak on Tuesday in a flurry of patches from various software companies.
Topping the bill was an escalation-of-privilege flaw in Windows, which allows hackers to grant themselves admin control over a system, with exploit code known to have been circulating in the wild.
Craig Young, a security researcher at vendor Tripwire, said: "Microsoft has answered the tough question of what happens when [an unpatched] zero day is publicly disclosed just days before a scheduled patch release.
"The answer in this case was that Microsoft addressed the elevation of privilege bug used by Hacking Team to covertly give their surveillance software privileged access to affected Windows systems."
Also affected in the Hacking Team leak was Adobe’s Flash Player, a popular means of delivering interactive content online that has acquired a reputation for insecurity, requiring patching 11 times this year alone.
In response the software company has released two fixes for the ailing software, which will likely only fuel calls within the cybersecurity trade to ditch the technology for good.
Russ Ernst, director, product management at Heat Software, said: "If you must use Flash, be sure you have the current version, which you can download here.
"The safer bet however is to uninstall the long-risky media player once and for all. If you use Firefox, you’ll see it blocked Flash entirely this week, in light of the three new zero days."
In total Microsoft fixed 59 vulnerabilities for software including Internet Explorer, the latest three versions of the Windows operating system, and Windows Server 2003, which will no longer be supported by Microsoft from now on.
As well as fixing Flash Player, Adobe also patched 46 problems in Acrobat and PDF Reader and put out a security update for its less mainstream Shockwave Player, another multimedia platform.
However these numbers are dwarfed by a security bulletin from Oracle, which fixed 193 security bugs on Tuesday including a zero day flaw in Java exposed in the Hacking Team leak, which security vendor Trend Micro reports is the first flaw found in the web technology for two years.
Writing earlier this week, Trend Micro reported that the cyber-espionage group Pawn Storm were abusing Java to attack the armed forces of a Nato member as well as an American defence group.
"The attackers behind Operation Pawn Storm have been active since at least 2007 and they continue to launch new campaigns," the company said.
"Over the past year or so, we have seen numerous techniques and tactics employed by this campaign, such as the use of an iOS espionage app, and the inclusion of new targets like the White House."
