Monthly security update addresses two dozen vulnerabilities, including one being exploited as part of the "Sandworm" cyberattack.
An Internet Explorer 8 vulnerability goes unfixed by Microsoft for more than half a year, reports the Zero Day Initiative.
Adobe and Microsoft patch a critical zero-day security flaw in Adobe's Flash Player that is actively being used to target Windows users, but the bug is different from an unpatched hole in Internet Explorer.
The flaw, which is being leveraged in "limited, targeted attacks," allows remote code execution, Microsoft warns.
In lieu of a fix, Microsoft offers workarounds to combat the bug that has left browser users open to attacks.
A fix for a vulnerability hitting Internet Explorer versions 6 through 8 will be rolled out today at 10 a.m. PT.
Next week's patches will shore up holes in Windows and Office, but a permanent fix for the latest bug in Internet Explorer is still in the works.
Google wants technology firms to cut down on the amount of time it takes to fix zero day vulnerabilities, but some are crying foul.
Adobe is scheduled to release updates to Acrobat and Reader that address a zero-day flaw in the software that could allow an attacker to take control of a compromised system.
Adobe Systems to fix Flash Player and Adobe Reader and Acrobat holes during the week of October 4.