Patching in Review – Week 32

As Patch Tuesday looms ahead, it’s worth looking back on how eventful the month of July has been. We’ve had security releases from nearly every major vendor between the Tuesdays. These vendors include Oracle, Wireshark, Foxit, Google, and Mozilla, with a grand total of 149 CVEs! July was a seriously dense month indeed.

If your patch cycle is limited to a monthly basis, the above third-party applications are currently vulnerable in your environment. Get these updates included on your next push to ensure your environments are as secure as possible.

Don’t forget to register for our Patch Tuesday Webinar for in-depth coverage and analysis!

Security Releases

Mozilla is rounding out the bunch with the release of Thunderbird 60. This update is currently only being offered as a direct download with the built-in updater not offering an upgrade path.

This release remediates 14 CVEs, with five classified as critical. Some of the vulnerabilities might look familiar, and you’d be right to think so. Nine of the vulnerabilities are shared with the previous 52.9 release, most likely due to Mozilla’s direct-download requirement. Notably, CVE-2018-5187 is a critical CVE shared with Firefox 61 where memory corruption could be used to run arbitrary code.

Here’s a list of the CVEs and their color-coded severity:

Further details are available on Mozilla’s security advisory page.

Third-Party Updates

As always, a series of third parties updated this week. Even though these updates do not have any CVEs, they may still have undisclosed security fixes as well as helpful stability fixes for your organization. Here are the updates we released in our content this week:

More Patch Resources:

• Patching in Review – Week 31
• Patching in Review – Week 30
• Patching in Review – Week 29
• Patching in Review – Week 27
• Patching in Review – Week 26
• Patching in Review – Week 25
• Patch Tuesday Blogs
• Patch Tuesday Resource Page
• Ivanti Security Products