Adobe has issued an advisory warning of the zero-day flaw (CVE-2015-0313), a previously unknown point of vulnerability within the latest version (version 126.96.36.1996), as well as earlier versions of its Flash Player plugin. If exploited, this download attack causes a system crash that allows the attacker to take control of the affected system. Unfortunately this kind of attack is quite commonly and actively used; at this point the download attack has been actively linked to maladvertising against Internet Explorer and Firefox users, on either Windows, Mac or Linux (versions 188.8.131.520 and earlier).
Though updates have been made available for manual download, the next steps for Adobe Flash users have not been made completely clear. Krebson Security suggests that Windows users using browsers other than Internet Explorer may need to apply the patch twice, once with IE and once with the alternate browser. However, users of IE and Chrome should also auto-update their versions of Flash. For a vulnerability that Adobe categorizes as critical, much is still left unclear.
Luckily, folks enrolled in our Third Party Software Update program (TPSU) have nothing to fear; they are fully protected. And this TPSU program is far from expensive; in fact, for our current customers in good standing, this program is completely free. Simply read the activation instructions here.
For those that don’t know, TPSU is your automatic updater, pushing current versions of applications onto your system, unless users have made individual exceptions. The service runs just after each round of standard Workstation patching and after the round of standard Server patching. The schedule has been created this way to ensure that our users maintain the highest level of security, which unfortunately means that this schedule must be maintained, unless a zero-day vulnerability appears which will then be pushed out immediately.
The combination of the established TPSU schedule with the flexibility for immediate patching of zero-day vulnerability ensures that you, or customers, are always protected. And in a world that depends increasingly on technological systems, this constant security can make all the difference.