Good news, everyone! The world of security is alive and well with new vulnerabilities remediated every day. Alongside two security releases this week, Microsoft has re-released two of their mid-month non-security patches.

Dark Reading published an article this week covering a new rootkit type found in the wild. ESET discovered the malware, titled LoJax, installed within a system’s firmware, making it the first UEFI rootkit ever discovered in the wild. Considering this, the necessity around using hardware-level measures, such as Secure Boot, just became much more critical.

Free White Paper: Cybersecurity for Today's Extreme Threats

Security Releases

The star of the show this week is another huge release by Foxit with a potential total of 123 vulnerabilities! Currently, thirty of these have a CVE assigned, with the other 93 cataloged within Trend Micro’s Zero Day Initiative. Each ZDI will be published on their database with a corresponding CVE, so the severity of the patch could increase with time.

Further details are available on Foxit’s Security Bulletins.

Late last Friday, Mozilla released an update for both Firefox and Firefox ESR. Both updates share CVE-2018-12385 where an attacker could write data to a system’s local cache in conjunction with another vulnerability. Firefox ESR comes in with an additional low severity CVE that was previously remediated in the higher branch.

Here are the release notes for both branches:

Windows 10 Non-Security Re-Releases

This week, Microsoft unexpectedly re-released their non-security updates for Windows 10 on the 1709 (KB4457136) and 1803 (KB4458469) branches. Each patch has had its minor version incremented with an addition to the update notes stating that each re-release occurred due to a missing solution. If either of the patches below has been distributed to your endpoints, make sure to deploy this update as soon as possible.

Third-Party Updates

These updates might not have CVEs, but they may still have helpful stability fixes as well as undisclosed security fixes. These are the updates we released in our content for the week:

Software Title

Ivanti ID

Ivanti KB

CDBurnerXP 4.5.8.7035

CDBXP-046

QCDBXP4587035

DropBox 58.4.92

DROPBOX-093

QDROPBOX58492

Evernote 6.15.3.7881

ENOT-011

QENOT61537881

GoodSync 10.9.9

GOODSYNC-095

QGS1099

GoToMeeting 8.34.1

GOTOM-050

QGTM8341

LibreOffice 6.1.2.1

LIBRE-102

QLIBRE612

Opera 56.0.3051.31

OPERA-184

QOP560305131

Plex Media Server 1.13.8.5395

PLXS-026

QPLXS11385395

Skype 8.31.0.92

SKYPE-144

QSKY831092

Snagit 2018.2.2

SNAG-019

QSNAG1822

VMware Workstation 15.0.0 Player

VMWP-038

QVMWP1500

VMware Workstation 15.0.0 Pro

VMWW-014

QVMWW1500

Webex Productivity Tools 33.0.4.79

WPT-023

QWPT330479

Zoom Client 4.1.33259

ZOOM-011

QZOOM4133259

More Patch Resources: