Patching in Review – Week 30

Although we find ourselves in between Patch Tuesdays once again, vendors haven’t stopped releasing software updates. Let’s dive right into the never-ending flow of remediations and bug fixes for our favorite software titles.

Our security team recommended an article from KrebsOnSecurity.com this week. This article covers the success Google has had preventing phishing attacks since early 2017 when they implemented Security Keys in place of two-factor authentication. End users can be the greatest vulnerability to your business, so any measures taken around secure access will pay dividends.

Security Releases

Speaking of Google, Chrome 68 released this week with the heavily anticipated change to mark non-https sites as “Not Secure”. On February 8, 2018, the Google Security Blog announced that “A secure web is here to stay” where Chrome would double down on the current informational notification with a more explicit label. With the release of the aforementioned feature, a new blog post announces an expansion of this notification with a warning whenever data is entered on an unsecure site coming in Chrome 70.

Alongside this expected change, Chrome 68 also includes a total of 42 security fixes, with 32 CVEs and nearly $25,000 awarded to respective researchers. Although there are no CVEs marked as critical, be sure to update your environments as a web browser can be an easy point of entry with heavy user interaction.

Further details can be found in Google’s blog post.

Third-Party Updates

Here are the other updates we released in our content this week. These updates might not have CVEs, but they may still have helpful stability fixes as well as undisclosed security fixes:

More Patch Resources:

• Patching in Review – Week 29
• Patching in Review – Week 27
• Patching in Review – Week 26
• Patching in Review – Week 25
• Patch Tuesday Blogs
• Patch Tuesday Resource Page
• Ivanti Security Products