Adobe March 2023 Patch Day

Adobe patches 106 security leaks on March 2023 Patch Day. One of the vulnerabilities in Adobe ColdFusion is already being abused by cybercriminals in attacks. IT managers should therefore quickly download and install the available updates.

Of the 106 vulnerabilities, four affect Adobe Commerce, 18 Adobe Experience Manager, five Adobe Illustrator, 58 Adobe Dimension, one Adobe Creative Cloud Desktop App, 16 Adobe Substance 3D Stager, one Adobe Photoshop and finally three Adobe ColdFusion.

Adobe reports that attackers have already "attacked one of the ColdFusion vulnerabilities to a limited extent". However, this is not the critical vulnerability with the CVE number CVE-2023-26359, which the updates close, but an insufficient access control in the software (CVE-2023-26360, CVSS 8.6, risk high).

The manufacturer names other critical security gaps, some of which deviate from the CVSS risk classification, which allow attackers to execute smuggled code, for example. The vulnerabilities can be found in Adobe Illustrator, Adobe Dimension, Adobe Creative Cloud Desktop App and Adobe Photoshop. These programs should therefore be supplied with the updates particularly quickly.

Administrators should promptly download and install the updates for the other vulnerable programs. On the February Patch Day, Adobe had significantly fewer security gaps to close, and there were no zero-day gaps there either.