Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Security Bug Microsoft Software

Kaspersky Lab Finds Flash Vulnerability Through Microsoft Word (neowin.net) 50

An anonymous reader quotes a report from Neowin: Kaspersky Lab, which has been under fire by the U.S. government as possibly being an agent of the Russian government and spying on U.S. computers, has found a previously unknown bug in Adobe Flash that was apparently exploited by a hacker group on October 10. Adobe issued a patch to fix the bug today. According to Kaspersky, "the exploit is delivered through a Microsoft Word document and deploys the FinSpy commercial malware." The company worked with Adobe to get a patch ready as quickly as possible, with Adobe releasing it a few hours ago. Users and agencies running the following versions of Adobe Flash will need to update immediately, as the vulnerability has been labeled as critical. The patch updates all versions of Adobe Flash to version 27.0.0.170.
This discussion has been archived. No new comments can be posted.

Kaspersky Lab Finds Flash Vulnerability Through Microsoft Word

Comments Filter:
  • What?!!! (Score:4, Funny)

    by Anonymous Coward on Monday October 16, 2017 @05:51PM (#55379779)

    Those Russian basta... Oh, um, well, thank you for pointing out this vulnerability.

    • Those Russian basta... Oh, um, well, thank you for pointing out this vulnerability.

      Now that the US is pressuring people to dump their product, they should only tell their customers - at least for a week or two - when they find big new threat like this.

      Want the warnings in a timely fashion? Pay up! B-)

      • Stuff like this has limited value due to the delivery mechanism, particularly when your thinking at the level of "by a nation-state against a nation -state". It would feasibly be worthwhile to let the small stuff go through to build reputation while not disclosing larger / more widespread / network direct access exploits.

        I'm not saying anyone is innocent or guilty, just that something like this does not disprove any of the investigations.

    • by jbengt ( 874751 )
      Well, TFA said that the vulnerability was discovered by McAfee, so it probably has something to do with hookers and designer drugs, rather than Russians.
  • by Anonymous Coward

    or a bad one , either all their backdoors are being closed or they have a completely different set and all their rivals are being closed out.

    • by Anonymous Coward

      You presume there is just one TLA that does this. That is an incorrect assumption.

  • They want you to be vulnerable.

  • by Anonymous Coward

    Any updates from vmware or adobe how to use vCener client with latest version without crashing it ?

  • by tk77 ( 1774336 ) on Monday October 16, 2017 @06:23PM (#55379975)

    all cried out in frustration when the vCenter web client stopped working today due to flash suddenly crashing due to an automatic update.... and then further frustrated by the fact they'd have to manually drop back to the vulnerable 27.0.0.159 to actually administer their servers.

    Screw you Adobe. And screw you VMware for still only having a partially implemented HTML5 interface.

  • DON'T link word documents to flash content or create .docx with flash content or trust the idiots who do! It is the same thing as pissing in a sand box and then wondering why your clothes stink.
  • When did it find it?

    Who it shared this knowledge with so far?

    Why go public now?

    • > Why go public now?

      Because Flash hasn't had a critical vulnerability reported in almost a week, so it was overdue.

    • I think the better question is : have you seen any evidence whatsoever that Kaspersky is anything but what they have always represented* or are you just jumping on the "Russian Hackers! Trump is Illegitimate!" bandwagon?

      Please link evidence any you've seen - I've apparently missed the entirety of it.

      * Russian hackers straddling the white/greyhat line, selling an AV product based on that position.

  • by PPH ( 736903 ) on Monday October 16, 2017 @08:25PM (#55380525)

    To see that people are still using Flash.

  • Lol.... Who would run that shit on their PC?
  • Uninstall Flash. (Score:4, Insightful)

    by Gravis Zero ( 934156 ) on Monday October 16, 2017 @09:38PM (#55380801)

    If you still have a Flash plugin installed then now is the proper time to uninstall it.

"The pathology is to want control, not that you ever get it, because of course you never do." -- Gregory Bateson

Working...