Patching in Review – Week 41 of 2019
Brian Secrist
Happy Cybersecurity Awareness Month, everyone! With yet another unexpected IE release this week, I can’t think of a better way to usher in the month! As we prepare for the upcoming Patch Tuesday, make sure you’re registered for our webinar to get our analysis on high profile vulnerabilities and known issues.
After September’s Patch Tuesday, we’ve been lucky enough to get a slow week. Hopefully in the next coming weeks, we can deploy with piece of mind for a change!
Of course, here are the quick links to stay up to date on any developing known issues:
- Windows 10 / Server 2019 / Server 2016
- Windows 8.1 / Server 2012 R2
- Server 2012
- Windows 7 / Server 2008 R2
- Server 2008
Patch Tuesday Follow-Up
For those who attended our Patch Tuesday Webinar, it was a relatively quiet month with very few known issues present. The rest of the week has been no different with a relatively quiet patching community.
Unexpectedly, the iTunes and iCloud security patch released on Tuesday has been promoted to a remediate a zero-day vulnerability! Morphisec discovered the vulnerability in Apple Software Update where an unquoted path has been exploited. This attack can go easily undetected as the malicious process will display as a child of the signed Apple executable. Morphisec also noted Apple Software Update is a separate component that needs to be uninstalled separately and many endpoints contained this out-of-date software.
Security Releases
Google finishes out Patch Tuesday week with Chrome 77.0.3865.120 with eight security fixes. Of the vulnerabilities, five have been assigned CVEs with “High” severity. Make sure to get this update rolled into the patching cycle this weekend.
Third-Party Updates
Of course, other vendors have been releasing updates for their respective software. While these updates might not have identified vulnerabilities, they still have helpful stability fixes as well as potential undisclosed security fixes:
|
Bulletin title |
Bulletin ID |
KB |
|
Adobe Flash Player 32.0.0.270 |
AFP32-00270 |
QAF3200270 |
|
Beyond Compare 4.3.0.24364 |
BEYOND-010 |
QBC43024364 |
|
DropBox 82.4.156 |
DROPBOX-122 |
QDROPBOX824156 |
|
Firefox 69.0.3 |
FF19-022 |
QFF6903 |
|
iTunes 12.10.1 |
AI19-006 |
QAI12101 |
|
Node.JS 8.16.2 (LTS Lower) |
NOJSLL-007 |
QNODEJSLL8162 |
|
Notepad++ 7.8 |
NPPP-094 |
QNPPP78 |
|
Opera 64.0.3417.47 |
OPERA-231 |
QOP640341747 |
|
Opera 64.0.3417.54 |
OPERA-232 |
QOP640341754 |
|
Plex Media Server 1.18.0.1913 |
PLXS-047 |
QPLXS11801913 |
|
Skype 8.53.0.85 |
SKYPE-168 |
QSKY853085 |
|
Slack Machine-Wide Installer 4.1.1 |
SMWI-036 |
QSLACK411 |
|
Tableau Prep Builder 2019.3.2 |
TABPREPB19-006 |
QTABPREPB201932 |
|
Thunderbird 68.1.2 |
TB19-6812 |
QTB6812 |
|
Visual Studio Code 1.39.0 |
MSNS19-1010-CODE |
QVSCODE1390 |
|
Visual Studio Code 1.39.1 |
MSNS19-1011-CODE |
QVSCODE1391 |
