Patching in Review – Week 2 of 2020
Brian Secrist
This week we can christen 2020 with our fist zero-day! Other patching news has been relatively quiet this week so let’s get to it.
To play a bit of catch up, I’m coming in with the whole month of January. Please see the other articles below to get prepared for February’s patch week!
Security Releases
The highest profile releases this week are awarded to Firefox with not just one, but two releases including a zero day! Firefox and Firefox ESR initially released under version 72.0 and 68.4.0, but the next day released 72.1 and 68.4.1. The actively exploited vulnerability, CVE-2019-17206, details a flaw in the IonMonkey JIT compiler where an attacker can execute code within the application sandbox. This update comes 7 months after the Mozilla’s last patch containing a pair of zero-day vulnerabilities.
Third-Party Updates
The second week of the year has proven to be far more active with a substantial list of non-security patches. Review the list below for any patches relevant to your environment.
|
Software Title |
Ivanti ID |
Ivanti KB |
|
AIMP 4.60.2169 |
AIMP-200109 |
QAIMP4602169 |
|
BlueJeans 2.18.39.0 |
JEANS-200106 |
QBJN218390 |
|
Cumulative Update 1 for SQL Server 2019 |
SQL2019-CU01 |
Q4527376 |
|
Dropbox 88.4.172 |
DROPBOX-200107 |
QDROPBOX884172 |
|
Google Backup and Sync 3.47.8667.1399 |
GSYNC-200109 |
QGBS34786671399 |
|
Google Chrome 79.0.3945.117 |
CHROME-200107 |
QGC7903945117 |
|
Node.JS 10.18.1 (LTS Lower) |
NOJSLL-200109 |
QNODEJSLL10181 |
|
Node.JS 12.14.1 (LTS Upper) |
NOJSLU-200108 |
QNODEJSLU12141 |
|
Node.JS 13.6.0 (Current) |
NOJSC-200108 |
QNODEJSC1360 |
|
Opera 66.0.3515.27 |
OPERA-200108 |
QOP660351527 |
|
PDF-Xchange PRO 8.0.336.0 |
PDFX-200107 |
QPDFX803360 |
|
Plex Media Player 2.48.0 |
PLXP-200108 |
QPLXP2480 |
|
Plex Media Server 1.18.4.2171 |
PLXS-200107 |
QPLXS11842171 |
|
Snagit 2020.1.0 |
SNAG20-200107 |
QSNAG2010 |
|
Thunderbird 68.4.1 |
THUNDERBIRD-200110 |
QTB6841 |
