SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Microsoft Patch Tuesday
Description: Microsoft released its monthly security update Tuesday, disclosing just over 110 vulnerabilities across its products. This is a slight jump from last month, when Microsoft disclosed one of their lowest vulnerability totals in months. Eighteen of the vulnerabilities are considered "critical" while the vast remainder are ranked as "important," with two also considered of "low" importance. Users of all Microsoft and Windows products are urged to update their software as soon as possible to avoid possible exploitation of all these bugs. The security updates cover several different products and services, including the HEVC video file extension, the Azure Sphere platform and Microsoft Exchange servers.
Snort SIDs: 56161 - 56264, 56230, 56231, 56254, 56255, 56286 - 56289, 56295, 56296, 56309, 56301 - 56305, 56310 and 56312
Title: Adobe issues security updates for Acrobat Reader
Description: Adobe recently disclosed multiple vulnerabilities in its Acrobat PDF Reader, including for both desktop and Android versions. Among them are a heap buffer overflow and use-after-free vulnerability that Cisco Talos researchers discovered. Acrobat reader integrates into web browsers as a plugin for rendering PDFs. As such, tricking a user into visiting a malicious web page or sending a specially crafted email attachment can be enough to trigger these vulnerabilities. There is also a bug that's considered "important" in all Android versions of Acrobat that could allow an adversary to disclose sensitive information on an affected device.
Snort SIDs: 53563, 53564, 55842, 55843