Don’t Run Another Phish Test Until You Read This
Get Started Book a Demo

Security Advisory: Critical Patches in Adobe and Microsoft Products

19th July 2022 | Advisory, Blog, Sticky Security Advisory: Critical Patches in Adobe and Microsoft Products


microsoft and adobe security advisory
CyberHoot Vulnerability Alert Management Process (VAMP) Rating: Critical/Red July 19th, 2022: CyberHoot has learned of multiple Microsoft and Adobe vulnerabilities that can allow for Remote Code Execution (RCE) on your devices that use their products. Continue reading to learn what the specific details are for Microsoft and Adobe products.  

Microsoft Vulnerabilities

The Microsoft vulnerabilities are tracked under CVE-2022-22047 where the most severe of which could allow for Remote Code Execution in an already logged-on user. Depending on the privileges associated with the user, a hacker could install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. The vulnerabilities affect multiple Microsoft products including, but not limited to, Azure, BitLocker, Skype, and Edge. For the entire list of the 40-50 specific Microsoft products affected, head to CISecurity’s advisory to see the whole list.  

What Should You Do? 

CyberHoot recommends that the following actions be taken to secure your Microsoft software and company systems:

  • Install the updates provided by Microsoft immediately. It’s best to try and update anything Microsoft-related right away. 
  • Run all software as a non-privileged user (without administrative privileges) to reduce the effects of a successful attack.
  • Train users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.
  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments especially from un-trusted sources.
  • Apply the Principle of Least Privilege to all systems and services.

Adobe Vulnerabilities

Multiple vulnerabilities have been found in Adobe products, where the most severe can result in Remote Code Execution (RCE). Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. The list of affected Adobe Products are listed below: 

  • Adobe RoboHelp RH202.0.7 and earlier versions for Windows and macOS
  • Adobe Acrobat DC and Adobe Acrobat Reader DC 22.001.20142 and earlier versions for Windows and macOS
  • Adobe Acrobat 2020 and Acrobat Reader 2020 20.005.30334 and earlier versions for Windows
  • Adobe Acrobat 2020 and Acrobat Reader 2020 20.005.30331 and earlier versions for macOS
  • Adobe Acrobat 2017 and Acrobat Reader 2017  17.012.30229 and earlier versions for Windows
  • Adobe Acrobat 2017 and Acrobat Reader 2017 17.012.30227 and earlier versions for macOS
  • Adobe Character Animator 2021 4.4.7 and earlier versions for Windows and macOS
  • Adobe Character Animator 2022 22.4 and earlier versions for Windows and macOS
  • Adobe Photoshop 2021 22.5.7 and earlier versions for Windows and macOS
  • Adobe Photoshop 2022 23.3.2 and earlier versions for Windows and macOS

What Should You Do?

CyberHoot recommends that the following actions be taken to secure your Adobe software and company systems:

  • Install the updates provided by Adobe immediately.
    • Go to your Adobe Creative Cloud app
      • Under Apps, Click Updates
      • Click Update All in top right corner
    • Go to any Adobe Application
      • Click the Help menu (top of your screen)
      • Click Updates
      • You will be prompted to update the software
  • Run all software as a non-privileged user (without administrative privileges) to reduce the effects of a successful attack.
  • Train users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.
  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments especially from un-trusted sources.
  • Apply the Principle of Least Privilege to all systems and services.
You have a Vulnerability Alert Management Process, right?

If you’re a subscriber to CyberHoot’s services, you’ll have access to our Policy and Process library which contains the vulnerability alert management process document. This document prescribes how to respond to situations like this and in what time frame. If your company has not yet adopted a VAMP-like process, now is a great time to get started.

Sources
Center for Internet Security (CIS) – Microsoft Advisory

Center for Internet Security (CIS) – Adobe Advisory

Secure your business with CyberHoot Today!!!


Sign Up Now

Latest Blogs

Stay sharp with the latest security insights

Discover and share the latest cybersecurity trends, tips and best practices – alongside new threats to watch out for.

Stopping Token Theft: How Microsoft’s Protections Prevent BEC Attacks
5th August 2025 | Blog

Stopping Token Theft: How Microsoft’s Protections Prevent BEC Attacks

Welcome to our two-part blog series on Microsoft’s new email security enhancement now included in Office 365 P1...

Read more
Why Hackers Love MSPs and What We’re Gonna Do About It
29th July 2025 | Blog

Why Hackers Love MSPs and What We’re Gonna Do About It

"Being an MSP today is like wearing a neon sign that says, ‘Hack me! I’m the gateway to 100...

Read more
Stop the Swap: How to Protect Yourself from SIM Swapping Attacks
15th July 2025 | Blog

Stop the Swap: How to Protect Yourself from SIM Swapping Attacks

Ever had your phone suddenly lose service for no reason, followed by a flood of “reset your password”...

Read more
Get Started All Posts