Data: CASIE
Negative Trigger
security updates to [fix | Vulnerability-related.PatchVulnerability] a critical remote code execution flaw [affecting | Vulnerability-related.DiscoverVulnerability] Windows Defender and other anti-malware products.
Ahead of April's Patch Tuesday, Microsoft [has released | Vulnerability-related.PatchVulnerability] patches for the critical flaw, which [affects | Vulnerability-related.DiscoverVulnerability] Microsoft Malware Protection Engine, or mpengine.dll, the core of Windows Defender in Windows 10.
"An attacker who successfully [exploited | Vulnerability-related.DiscoverVulnerability] this vulnerability could execute arbitrary code in the security context of the LocalSystem Account and take control of the system," warns Microsoft.
"An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."
Google Project Zero researcher Thomas Dullien, aka Halvar Flake, [discovered | Vulnerability-related.DiscoverVulnerability] that attackers can trigger a memory-corruption issue in the engine if they can get Windows Defender and other [affected | Vulnerability-related.DiscoverVulnerability] security products to scan a specially-crafted file.
Microsoft warns there are many ways an attacker could achieve this, including placing the file on a website, in an email or instant message, on any site that hosts files, or in a shared directory.
As with similar vulnerabilities [reported | Vulnerability-related.DiscoverVulnerability] last year by the UK's National Cyber Security Centre (NCSC) and Project Zero, an attack would be instant if the affected antivirus has real-time protection enabled.
Although the patch [is being released | Vulnerability-related.PatchVulnerability] before Microsoft's monthly security update, the bug, CVE-2018-0986, is not an out-of-band patch as Microsoft [updates | Vulnerability-related.PatchVulnerability] the engine as needed.
Microsoft also notes that the default configuration for Microsoft's anti-malware products in the enterprise is to [automatically receive | Vulnerability-related.PatchVulnerability] updates.

This week, Adobe [has released | Vulnerability-related.PatchVulnerability] its very first Patch Tuesday update bundle for the year 2019.
The Adobe January Patch Tuesday updates brought fixes for security vulnerabilities in Adobe Digital Editions and Adobe Connect.
It [has also released | Vulnerability-related.PatchVulnerability] patches for Flash Player, but they are not security fixes.
This Tuesday, Adobe [has rolled-out | Vulnerability-related.PatchVulnerability] scheduled monthly updates for its products.
However, this time, it has particularly focused on Adobe Digital Editions and Adobe Connect for security fixes.
Besides, the update bundle is relatively smaller, unlike the previous updates that [addressed | Vulnerability-related.PatchVulnerability] tens of vulnerabilities.
According to the security advisory, Adobe [has fixed | Vulnerability-related.PatchVulnerability] an important security vulnerability in Adobe Digital Editions.
Describing the problem, they stated, “Successful exploitation could lead to information disclosure in the context of the current user.”
Reportedly, it’s an out of bounds read flaw (CVE-2018-12817) that [affected | Vulnerability-related.DiscoverVulnerability] the software version 4.5.9 and earlier for all platforms, i.e., Windows, MacOS, Android and iOS.
Users should ensure [updating | Vulnerability-related.PatchVulnerability] their devices with the patched Adobe Digital Editions version 4.5.10.
In addition to the above, another important vulnerability [existed in | Vulnerability-related.DiscoverVulnerability] Adobe Connect that could result in session token exposure.
As stated in the advisory, the vulnerability (CVE-2018-19718) could “lead to exposure of privileges granted to a session.”
The vulnerability [affected | Vulnerability-related.DiscoverVulnerability] the Adobe Connect versions 9.8.1 and earlier for all platforms.
Users should, hence, ensure [updating | Vulnerability-related.PatchVulnerability] their systems with the patched version 10.1.
Besides the two security fixes, Adobe [have released | Vulnerability-related.PatchVulnerability] patches for Flash Player as well [addressing | Vulnerability-related.PatchVulnerability] performance issues.
As described in the Adobe advisory, “Adobe [has released | Vulnerability-related.PatchVulnerability] updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates [address | Vulnerability-related.PatchVulnerability] feature and performance bugs, and do not include security fixes.”
The patched Flash Player version 32.0.0.114 [has been rolled-out to be downloaded | Vulnerability-related.PatchVulnerability] across all platforms.
This time, the update bundle did not [address | Vulnerability-related.PatchVulnerability] security problems in Adobe Reader or Acrobat.
However, the vendors already [released | Vulnerability-related.PatchVulnerability] security fixes for them in the previous week.
The patch [addressed | Vulnerability-related.PatchVulnerability] two critical vulnerabilities (CVE-2018-16011 and CVE-2018-16018) that could result in arbitrary code execution and privilege escalation respectively.