Microsoft releases patch to fix Adobe Flash zero day exploit in Windows

The out-of-band release protects against a flaw that delivers the ROKRAT remote administration tool.

Building a slide deck, pitch, or presentation? Here are the big takeaways:
  • Microsoft has released a patch to fix the Adobe Flash exploit that delivered the ROKRAT remote administration tool.
  • A patch pushed to Adobe Flash Player for Windows, Macintosh, Linux, and Chrome OS will protect against a flaw that enables remote code execution on those platforms.

A critical vulnerability affecting Adobe Flash Player has been patched by Microsoft, the company announced in a security update on Tuesday. The patch was released by Adobe on Tuesday and subsequently pushed in an out-of-band security release from Microsoft.

As noted in Adobe's security bulletin, the critical vulnerabilities could have led to "remote code execution in Adobe Flash Player 28.0.0.137" and earlier versions of the software. Adobe said that it has pushed updates for Flash Player on Windows, Macintosh, Linux, and Chrome OS.

Security leaders and IT admins should update their systems as soon as possible in order to avoid any issues with the Flash vulnerabilities.

The vulnerability is tracked as CVE-2018-4878. An exploit exists in the wild, Adobe said, and is being used to target Windows users. Affected product versions are listed in the security bulletin, which also lists steps a user can follow to determine what version they are running.

"These attacks leverage Office documents with embedded malicious Flash content distributed via email," the security bulletin said.

As reported by Liam Tung of our sister site ZDNet, the exploit is the same one suspected to have been used by nation-state hackers in North Korea. These hackers, known as Group 123, used the exploit to deliver the ROKRAT remote administration tool.

A separate FireEye report said the group is known as TEMP.Reaper. FireEye said in its report that it noted activity with exploits coming from an IP address tied to a network in Pyongyang.

"Historically, the majority of their targeting has been focused on the South Korean government, military, and defense industrial base; however, they have expanded to other international targets in the last year," FireEye wrote.

About Conner Forrest

Conner Forrest is a Senior Editor for TechRepublic. He covers enterprise technology and is interested in the convergence of tech and culture.
