Microsoft and Adobe Systems have announced that they are releasing an unscheduled patch to check hackers from exploiting critical vulnerabilities for their popular products.
Machines running Linux, Mac OS X, and Windows operating systems can get the free update for their Adobe Flash Player automatically. The files can also be downloaded manually from official Adobe Systems website so the patch can be manually installed. Users using Google Chrome browser when surfing the Web will have no problems getting the update as the browser is designed to check for updates automatically.
The unplanned patch release was made by Adobe after two separate reports from different researchers confirmed that Flash Player is being exploited by targeted attacks. The attacks were reportedly delivered through a malicious Microsoft Word document that manipulates the ActiveX version of the Flash Player for Internet Explorer on Windows-based PCs. The researchers, who did not want to be named, did not reveal who the targeted parties were. Other Microsoft Office applications and server packages are known to be under active attack, said Adobe. The vulnerability of these apps could allow remote code execution if a user visits a malicious website. However, according to Microsoft, an attacker cannot force a user to visit the said site. Instead, a user will be asked by an attacker to pull-up the site through a click in an email message of Instant Messenger message.
The patch was released together with the patches for Adobe Acrobat and Reader applications, which are designed to fix application crash and to slow an attacker down from taking control of the affected system.
For its part, Microsoft is also releasing a set of patch of its own to fix at least 29 known vulnerabilities for a number of its applications that include Exchange Server, Internet Explorer, and Windows.