Don’t delay. Get your Microsoft and Adobe security patches while they’re hot

Windows holeAnother Patch Tuesday, means another round of security updates from Microsoft and Adobe, designed to fix critical vulnerabilities in their software.

First up for inspection is Microsoft, which issued (a low by its usual standards) four patches – two deemed “critical” and two ranked “important”, but all capable of allowing a malicious attacker to remotely execute code if successfully exploited.

This Patch Tuesday is making more headlines for Microsoft users than normal, because it is the very last time that Redmond will be issuing patches for Office 2003 and Windows XP.

The update which is probably most essential to patch as soon as possible is MS14-017, as one of the vulnerabilities it addresses is currently being actively exploited by malicious attackers in the wild, and means that simply previewing a message in Outlook could lead to computers becoming infected.

Sign up to our free newsletter.
Security news, advice, and tips.

A cumulative patch for Internet Explorer (MS14-018) has also been ranked “critical”, and addresses six different vulnerabilities which could be exploited by remote hackers to run malicious code. The patch is said to be required by all versions of Internet Explorer except IE10.

More information about the patches can be found in Microsoft’s blog post.

Of course, it’s not just Microsoft customers who need to make sure they are downloading the latest patches every second Tuesday of each month. Adobe users should be ready for action as well, as the company typically times its scheduled security updates with Redmond.

This time around Adobe has fixed a number of critical vulnerabilities in Flash, which – it says – have not been seen exploited in the wild as yet. Clearly, it’s important that things remain that way – so users are advised to update to Flash version on their Windows, Mac and Linux systems.

Users of Adobe Air, which is used by some desktop products, should also be kept updated. The latest version is

As always, if grabbing a new version of Adobe Flash from the company’s website be careful not to be tricked into also downloading third-party software like McAfee Security Scan.

McAfee, bundled with Adobe

It’s a cheap and dirty trick, and companies like Adobe (and indeed McAfee) should know better than to endorse it.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “Don’t delay. Get your Microsoft and Adobe security patches while they’re hot”

  1. Havenswift Hosting

    Amazed that Adobe still insists on having the link up with McAfee Security Scan and having the box ticked – I am sure that plenty of people dont read and dont untick and end up with software they dont need or want. Completely agree that it is a cheap and dirty trick that you normally see with cowboy software companies

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.