Yesterday several independent security researchers found that a previously unpatched flaw in Adobe’s Flash Player application is being actively exploited. Since the flaw was not detected by Adobe, and there is no security patch available to fix it, the risk of falling victim to an attacker is high. The exploit is apparently being included in off-the-shelf security exploit kits that are available for a few hundred dollars in criminal-underground markets. The malware code to run the exploit is easily disguised in website advertising that a user may mouse over or click on. If the user has Flash Player installed and activated in their browser, the code will execute behind the scenes and download malware onto the machine without the users knowledge or permission. This is commonly referred to as a drive-by download.

Systems that are vulnerable are all versions of Windows that have Flash Player installed, with the exception of Windows 8.1.

Once Adobe releases a patch, we will test and then push the patch out to all TechCare covered Windows devices. Please ensure that users are aware of the risk and advise them to use safe-surfing habits and only go to legitimate business websites. We advise all users to configure the home page on their browser to something other than MSN, Yahoo, AOL, or other portal sites that may display infected advertisements

If you would like to learn about other ways that can help mitigate the threat, please call us at 517-679-3302 or email Helpdesk@MakingTechEasy.com