Java Vulnerability: will get administrator privileges

Fixed SW: Oracle Java SE, Version 8 Update 131

Severity: CRITICAL

Release Date: 18.04.2017

Summary:

  • This Critical Patch Update contains 8 new security fixes for Oracle Java SE. 7 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The English text form of this Risk Matrix can be found here.
    The CVSS scores below assume that a user running a Java applet or Java Web Start application has administrator privileges (typical on Windows). When the user does not run with administrator privileges (typical on Solaris and Linux), the corresponding CVSS impact scores for Confidentiality, Integrity, and Availability are “Low” instead of “High”, lowering the CVSS Base Score. For example, a Base Score of 9.6 becomes 7.1.

    Users should only use the default Java Plug-in and Java Web Start from the latest JDK or JRE 8 releases.

Adobe Security Updates April 2017, Flash/Adobe, …

Fixed SW:

  • Adobe Flash Player 25.0.0.127
  • others: see Summary

Release Date: 11.04.2017

Summary:

  • APSB17-09: Security update available for Adobe Campaign
  • APSB17-10: Security updates available for Adobe Flash Player
  • APSB17-11: Security updates available for Adobe Acrobat and Reader
  • APSB17-12: Security updates available for Adobe Photoshop CC
  • APSB17-13: Security update available for the Creative Cloud Desktop Application

Microsoft Security Update April 2017: Zero-Day @ Word

Affected SW: Microsoft Products

Severity: CRITICAL

Release Date: 11.04.2016

Summary:

  • Multiple Fixes for:
    • Internet Explorer
    • Microsoft Edge
    • Microsoft Windows
    • Microsoft Office and Microsoft Office Services and Web Apps
    • Visual Studio for Mac
    • .NET Framework
    • Silverlight
    • Adobe Flash Player
