Also top of mind this patch Tuesday is the breach at Adobe that may have revealed both customer information (including credit card data) and source code for Adobe products. Reportedly, account data including customer ID’s as well as encrypted passwords for 2.9 million users were stolen. Brian Krebs and Alex Holden first reported they discovered a 40 GB source code trove stashed on a server that included code for ColdFusion and Acrobat. Unfortunately, we have seen zero-day exploits in Adobe products on a regular basis and now with source code available for cyber criminals, we can expect to see an increase in Adobe-related zero-day issues for the foreseeable future.
Microsoft released eight patches this October Patch Tuesday - four critical and four important. The vulnerabilities in IE have been patched thankfully and the bulk of the October issues do not impact the current code base. Paul Henry, security and forensics analyst at Lumension, provides more on the updates.