Adobe 's scheduled October update for its Acrobat and Reader PDF software addresses Vulnerability-related.PatchVulnerability 85 vulnerabilities , including dozens of critical flaws that allow arbitrary code execution . The patches also address Vulnerability-related.PatchVulnerability multiple privilege-escalation and information-disclosure flaws , shoring up Adobe 's PDF software further following a patch for a critical Acrobat and Reader flaw plugged Vulnerability-related.PatchVulnerability two weeks ago . The bugs affect Vulnerability-related.DiscoverVulnerability Acrobat DC and Reader versions 2018.011.20063 and earlier from Adobe 's continuous track , Acrobat 2017 and Acrobat Reader 2017 2017.011.30102 , and Acrobat DC and Reader DC versions 2015.006.30452 and earlier from Adobe 's classic 2015 track . The flaws affect Vulnerability-related.DiscoverVulnerability the software running on Windows and macOS systems . This update Vulnerability-related.PatchVulnerability is the largest set of fixes Adobe 's PDF software since it swatted Vulnerability-related.PatchVulnerability 105 vulnerabilities in July . However , fortunately the company says it is not currently aware Vulnerability-related.DiscoverVulnerability of any exploits in the wild for bugs fixed Vulnerability-related.PatchVulnerability in this update Vulnerability-related.PatchVulnerability . Users and admins nonetheless should install fixed versions , according to Adobe , because if an attacker developed an exploit it could lead to arbitrary code execution in the context of the current user because the software is sandboxed . Since PDFs are still widely used in the enterprise , hackers continue to develop new techniques to break the sandbox by combining PDF attacks with operating system flaws . This happened earlier this year , prompting a warning Vulnerability-related.DiscoverVulnerability from Adobe in May after it was informed Vulnerability-related.DiscoverVulnerability by researchers at ESET and Microsoft that they 'd discovered Vulnerability-related.DiscoverVulnerability a malicious PDF using a zero-day remote code execution flaw in Reader with a sandbox-busting Windows privilege escalation flaw . Adobe credits researchers from Qihoo 360 , Cisco Talos , Beihang University , Palo Alto Networks , and Check Point for reporting Vulnerability-related.DiscoverVulnerability flaws patched Vulnerability-related.PatchVulnerability in the October update . Check Point researcher Omri Herscovici was responsible for reporting Vulnerability-related.DiscoverVulnerability 35 of this month 's bugs , all of which were information disclosure flaws .

Admins can now grab Cisco 's updates for 13 high-severity flaws affecting Vulnerability-related.DiscoverVulnerability gear that uses its IOS and IOS XE networking software . All the bugs have been rated as having a high security impact because they could be used to gain elevated privileges or jam a device with denial-of-service ( DoS ) attacks . The company also has fixes available Vulnerability-related.PatchVulnerability for 11 more flaws outlined in 10 advisories with a medium-severity rating , most of which also address Vulnerability-related.PatchVulnerability issues in IOS and IOS XE , the Linux-based train of Cisco 's popular networking operating system . The updates for the 13 high-severity IOS and IOS XE flaws are part of Cisco 's scheduled twice-yearly patch bundle for this software targeted for September . The company reported Vulnerability-related.DiscoverVulnerability this week that some IOS XE releases were among 88 Cisco products vulnerable to the DoS attack on Linux systems known as FragmentSmack . And earlier this month it plugged Vulnerability-related.PatchVulnerability a critical hard-coded password bug in its video surveillance software . None of the flaws in the latest advisory is known to have been used in attacks and Cisco is n't aware of any public disclosures . Some of the higher severity flaws include a DoS flaw affecting Vulnerability-related.DiscoverVulnerability the IOS XE Web UI , which could allow a remote attacker to trigger a reload of the device by sending special HTTP requests to the UI . An unauthenticated attacker could exploit this bug in IOS XE releases prior to 16.2.2 , while 16.2.2 and later require authentication . Another DoS flaw is rooted in the IPsec driver code of multiple Cisco IOS XE platforms and the Cisco ASA 5500-X Series Adaptive Security Appliance ( ASA ) . The buggy code improperly processes malformed IPsec Authentication Header ( AH ) or Encapsulating Security Payload ( ESP ) packets . `` An attacker can exploit this vulnerability by using a crafted ESP or AH packet that meets several other conditions , such as matching the IPsec SA SPI and being within the correct sequence window , '' notes Cisco . This flaw affects Vulnerability-related.DiscoverVulnerability six ASR 1000 Series Aggregation Services Routers , and two 4000 Series Integrated Routers . Cisco notes Vulnerability-related.DiscoverVulnerability that its software is affected Vulnerability-related.DiscoverVulnerability if the system has been modified from its default state and configured to terminate IPsec VPN connections , such as LAN-to-LAN VPN , and remote access VPN , but not SSL VPN .

Microsoft 's new Outlook 2010 update ought to provide Vulnerability-related.PatchVulnerability the critical security fixes without the crashes . Microsoft has released Vulnerability-related.PatchVulnerability a new update for Outlook 2010 that should plug Vulnerability-related.PatchVulnerability its critical security flaws without causing crashes . Microsoft earlier this week warned that the 64-bit version of the security update KB 4461529 from its November Patch Tuesday was causing Outlook 2010 crashes . Despite the crashes , Microsoft warned users not to remove the update , which plugged Vulnerability-related.PatchVulnerability four remote code execution flaws that it said were more likely be exploited Vulnerability-related.DiscoverVulnerability . Until a new update was released Vulnerability-related.PatchVulnerability Microsoft recommended users try Outlook Web Access instead . As spotted by Woody Leonhard , Microsoft this week released Vulnerability-related.PatchVulnerability KB 4461585 for Outlook 2010 , which includes patches for the four flaws and should n't trigger crashes . Microsoft confirmed it does fix Vulnerability-related.PatchVulnerability the crash issues caused by KB 4461529 . The fixed update can be downloaded Vulnerability-related.PatchVulnerability from Microsoft 's download center and not the Microsoft Update Catalog . Microsoft cautions the update is only for the .msi edition of Office 2010 and not for Office 365 Home . `` Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer ( .msi ) -based edition of Office 2010 . It does n't apply to the Office 2010 Click-to-Run editions , such as Microsoft Office 365 Home , '' Microsoft notes . Microsoft has set out instructions for checking which edition you have in a blogpost . There are no further updates available Vulnerability-related.PatchVulnerability for the Outlook 2010 non-security updates KB4461522 and KB2863821 , which Microsoft pulled on Vulnerability-related.PatchVulnerability November 15 because they were causing crashes in Access and other apps . Microsoft recommended users uninstall both the updates .