8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
The most critical updates for this “Patch Tuesday” come from Firefox and Adobe. While Microsoft addresses 70 vulnerabilities in its February 2022 Patch Tuesday release, none of them are ranked as critical. Firefox and Adobe however have fixed a few issues that could be qualified as critical.
Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services). Let’s have a look at the ones that jumped out at us.
Mozilla fixed a dozen security vulnerabilities in its Firefox browser. The two most important ones are both permissions issues:
Two other vulnerabilities were classified as high. Those two are both memory safety bugs that with enough effort could have been exploited to run arbitrary code. These vulnerabilities were found by Mozilla developers.
Adobe released updates to fix 17 CVEs affecting Premiere Rush, Illustrator, Photoshop, After Effects, and Creative Cloud Desktop. Of these 17 vulnerabilities, five are rated as critical.
Even though no Microsoft vulnerabilities were listed as critical, there are a few that deserve some attention.
Given the amount of available stolen login credentials, organizations shouldn't disregard the vulnerabilities that require authentication, especially where it concerns public-facing servers. We hope this quick summary makes it easier for you to prioritize your updating jobs.
Stay safe, everyone!
The post Update now! Firefox and Adobe updates are more critical than Microsoft’s appeared first on Malwarebytes Labs.
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C