Rewterz Threat Advisory – Microsoft Windows Adobe Flash Player Multiple Vulnerabilities

August 15, 2018

Multiple vulnerabilities in Microsoft Windows Adobe Flash Player may cause information disclosure, privilege escalation or security mitigation bypass.

 

IMPACT:  NORMAL

PUBLISH DATE:  14-08-2018

 

OVERVIEW

Multiple vulnerabilities have been found in various versions of Microsoft Windows Adobe Flash Player. They may lead to out-of-bounds reads that disclose potentially sensitive information. One of these vulnerabilities may also allow security mitigations to be bypassed. Moreover, use of a component with a known vulnerability may lead to privilege escalation.

 

 

ANALYSIS

The five vulnerabilities detected in Microsoft Windows Adobe Flash Player this week include out-of-bounds reads, security bypasses and use of a component with a known vulnerability. These can cause information disclosure by exposing sensitive information to unauthorized parties, or may bypass restrictions meant for security mitigation. Use of a component with a known vulnerability may also cause privilege escalation.

 

These vulnerabilities are resolved by updating the affected products to the latest versions. Currently, there are no reported exploits for these vulnerabilities. However, as a best practice, Adobe recommends installing the updates within thirty days.

 

The table below lists the vulnerabilities under consideration in this advisory.

 

 

 

AFFECTED PRODUCTS

Mentioned versions of the products listed below have been found to be vulnerable.

 

 

 

UPDATES

Apply relevant updates to your system:

 

  • Adobe Flash Player on Windows 10 for x64-based Systems (KB4343902)
  • Adobe Flash Player on Windows Server 2016 (KB4343902)
  • Adobe Flash Player on Windows 10 Version 1607
  • Adobe Flash Player on Windows 10 Version 1703
  • Adobe Flash Player on Windows 10 Version 1709
  • Adobe Flash Player on Windows 10 Version 1803
  • Adobe Flash Player on Windows 10 for 32-bit Systems (KB4343902)
  • Adobe Flash Player on Windows 10 Version 1607
  • Adobe Flash Player on Windows 10 Version 1703
  • Adobe Flash Player on Windows 10 Version 1709
  • Adobe Flash Player on Windows 10 Version 1803
  • Adobe Flash Player on Windows RT 8.1 (KB4343902)
  • Adobe Flash Player on Windows 8.1 for x64-based systems (KB4343902)
  • Adobe Flash Player on Windows Server 2012 R2 (KB4343902)
  • Adobe Flash Player on Windows 8.1 for 32-bit systems (KB4343902)
  • Adobe Flash Player on Windows Server 2012 (KB4343902)
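
One way to confirm that the update listed above is present on a set of Windows hosts, as an added example that is not part of the original advisory. The host list defaults to the local machine, and the script assumes the caller has WMI/RPC access to any remote host it names.

```powershell
# Added example: report whether the update named in this advisory is installed.
# Assumption: the caller has WMI/RPC access to any remote host it names.
param(
    [string[]]$ComputerName = @($env:COMPUTERNAME),  # defaults to the local machine
    [string]$KbId = 'KB4343902'                      # KB listed in the UPDATES section
)

function Get-KbStatus {
    param([string]$Computer, [string]$Id)

    $status = 'Missing'
    $installedOn = $null
    try {
        # List every installed hotfix, then filter, so that "not installed"
        # and "host could not be queried" are reported as different results.
        $fix = Get-HotFix -ComputerName $Computer -ErrorAction Stop |
            Where-Object { $_.HotFixID -eq $Id } |
            Select-Object -First 1
        if ($fix) {
            $status = 'Installed'
            $installedOn = $fix.InstalledOn
        }
    }
    catch {
        $status = "QueryFailed: $($_.Exception.Message)"
    }

    [pscustomobject]@{
        Computer    = $Computer
        KB          = $Id
        Status      = $status
        InstalledOn = $installedOn
    }
}

$report = foreach ($c in $ComputerName) { Get-KbStatus -Computer $c -Id $KbId }
$report | Sort-Object Status, Computer | Format-Table -AutoSize

# Non-zero exit code lets a scheduled task or pipeline flag hosts needing attention.
if ($report | Where-Object { $_.Status -ne 'Installed' }) { exit 1 }
```

A host that has received a later Flash Player update superseding this one may report Missing for this KB, so treat Missing as a prompt to check the installed Flash Player version.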

 

 

It is best to update the running versions of the affected products as per the advisory. Furthermore, if you think you are a victim of a cyber-security attack, immediately send an email to info@rewterz.com for a rapid response.
