Now that the dust has settled from another Patch Tuesday, we find ourselves in the grind.

In current events, The Hacker News covered a new malware “suite” dubbed XBash. This malware, discovered by Palo Alto Networks, appears to be an all-in-one attack, combining all the latest capabilities in one package. XBash includes not only ransomware functionality, but also cryptocurrency mining and botnet features. To make matters worse, the malware appears to have worm-like abilities, like some of the more infamous malware that we have seen over the last year.


Many malware titles initially infect through user-targeted attacks, but an up-to-date environment can limit infection spread. WannaCry and Petya propagated over the unpatched SMB protocol, and those who patched their environments quickly and thoroughly limited the spread.

Microsoft also released its OS and .NET non-security updates this week. Each patch contains numerous stability fixes, so be sure to review the links below for relevant information:

| Platform | OS | .Net |
| --- | --- | --- |
| Windows 7/Server 2008 R2 | KB4457139 | KB4458611 |
| Server 2012 | KB4457134 | KB4458612 |
| Windows 8.1/Server 2012 R2 | KB4457133 | KB4458613 |
| Windows 10 1607/Server 2016 | KB4457127 | |
| Windows 10 1703 | KB4457141 | |
| Windows 10 1709 | KB4457136 | |
| Windows 10 1803 | KB4458469 | |

Security Releases

Adobe surprised us with a pre-notification bulletin for its Acrobat line on Monday, with a series of updates due to release on Wednesday. In APSB18-34, Adobe provided updates for Acrobat 2015, Acrobat 2017, and Acrobat DC alongside their corresponding Reader applications.

A total of seven CVEs are addressed in this group of updates, with every CVE applying to all branches. CVE-2018-12848 has the highest severity classification of Critical, where malicious code could be executed through an out-of-bounds write exploit. The other six CVEs are classified as Important, where an attacker could read private data through an out-of-bounds read.

Make sure to expedite the updates of this common software, as attackers tend to use more than one exploit to compromise a system, and this opens one more opportunity for a successful attack.

Further details can be found in Adobe’s Security Bulletin (APSB18-34).

Third-Party Updates

Of course, other vendors have been releasing updates for their respective software. While these updates might not have identified vulnerabilities, they still have helpful stability fixes as well as potential undisclosed security fixes:

| Software Title | Ivanti ID | Ivanti KB |
| --- | --- | --- |
| Apache Tomcat 7.0.91 | TOMCAT-120 | QTOMCAT7091 |
| Azure Information Protection Client 1.37.19.0 | AIPC-006 | QAIPC137190 |
| Camtasia 2018.0.4 | CAMTA-008 | QCAMTASIA1804 |
| CCleaner 5.47.6716 | CCLEAN-069 | QCCLEAN5476716 |
| Cisco WebEx Meeting Center 32.15.20.112 | WMC-012 | QWMC321520112 |
| FileZilla Client 3.37.1 | FILEZ-078 | QFILEZ3371 |
| GOM Player 2.3.33.5294 | GOM-017 | QGOM23335294 |
| Google Chrome 69.0.3497.100 | CHROME-235 | QGC6903497100 |
| LogMeIn 4.1.11660 | LMI-012 | QLMI4111660 |
| Malwarebytes 3.6.1.2711 | MBAM-012 | QMBAM3612711 |
| Microsoft Power BI Desktop 2.62.5222.761 | PBID-039 | QBI2625222761 |
| Mouse and Keyboard Center 10.4.0 | MMKC-003 | QMKC1040 |
| Nitro Pro 12.4.0.259 | NITRO-016 | QNITRO1240259 |
| Plex Media Player 2.19.1 | PLXP-021 | QPLXP2191 |
| TeamViewer 12.1.29852 | TVIEW-037 | QTVIEW121298520 |
| TortoiseHG 4.7.1 | TOHG-019 | QTOHG471 |
| Visual Studio 2017 version 15.8.5 | MSNS18-0920-VS2017 | QVS20171585 |
| Webex Productivity Tools 33.0.3.72 | WPT-022 | QWPT330372 |
