Microsoft, Adobe and Oracle rush fixes after Hacking Team leak

More than 200 flaws fixed in software such as Windows, Java and Flash.

By Jimmy Nicholls

On Tuesday, Microsoft, Adobe and Oracle fixed flaws uncovered in the Hacking Team leak, as part of a flurry of patches from various software companies.

Topping the bill was an escalation-of-privilege flaw in Windows, which allows hackers to grant themselves admin control over a system, with exploit code known to have been circulating in the wild.

Craig Young, a security researcher at vendor Tripwire, said: "Microsoft has answered the tough question of what happens when [an unpatched] zero day is publicly disclosed just days before a scheduled patch release.

"The answer in this case was that Microsoft addressed the elevation of privilege bug used by Hacking Team to covertly give their surveillance software privileged access to affected Windows systems."

Also affected in the Hacking Team leak was Adobe’s Flash Player, a popular means of delivering interactive content online that has acquired a reputation for insecurity, requiring patching 11 times this year alone.

In response the software company has released two fixes for the ailing software, which will likely only fuel calls within the cybersecurity trade to ditch the technology for good.

Russ Ernst, director, product management at Heat Software, said: "If you must use Flash, be sure you have the current version, which you can download here.

"The safer bet however is to uninstall the long-risky media player once and for all. If you use Firefox, you’ll see it blocked Flash entirely this week, in light of the three new zero days."

In total Microsoft fixed 59 vulnerabilities for software including Internet Explorer, the latest three versions of the Windows operating system, and Windows Server 2003, which will no longer be supported by Microsoft from now on.

As well as fixing Flash Player, Adobe also patched 46 problems in Acrobat and PDF Reader and put out a security update for its less mainstream Shockwave Player, another multimedia platform.

However, these numbers are dwarfed by a security bulletin from Oracle, which fixed 193 security bugs on Tuesday, including a zero-day flaw in Java exposed in the Hacking Team leak. Security vendor Trend Micro reports that it is the first flaw found in the web technology for two years.

Writing earlier this week, Trend Micro reported that the cyber-espionage group Pawn Storm were abusing Java to attack the armed forces of a Nato member as well as an American defence group.

"The attackers behind Operation Pawn Storm have been active since at least 2007 and they continue to launch new campaigns," the company said.

"Over the past year or so, we have seen numerous techniques and tactics employed by this campaign, such as the use of an iOS espionage app, and the inclusion of new targets like the White House."
