Patching in Review – Week 47 of 2019

Fallout from Patch Tuesday rolled into this week with Microsoft announcing a new issue surrounding Access databases. According to Microsoft’s support article, after systems were updated with specific Microsoft Office November Patch Tuesday patches, the end user would get an error stating “Query is Corrupt” in all versions of Access. As of writing this, Microsoft has released KB4484198 for Office 2016 MSI instances, but has yet to release updates for 2010 and 2013 installations. Interestingly enough, there was a release for all branches of O365 at the end of the week, but no documentation currently reflects the fix.

In the news, numerous security vulnerabilities have been found in four popular VNC titles. According to The Hacker News, Kaspersky discovered a total of 37 vulnerabilities throughout the products, some of which have existed over the last 20 years. Many of these vulnerabilities, if exploited, could lead to the attacker gaining control of the system where arbitrary commands could be executed on the endpoint. UltraVNC topped the list with a massive 22 vulnerabilities alone. Keep an eye out for releases on these software titles soon so your affected environments can be protected as soon as possible.

Security Releases

Google released a security update for its Chrome browser under version 78.0.3904.108, with a total of five security fixes. Two of the security fixes were assigned CVEs with “High” severity where an attacker could leverage the Bluetooth functionality to execute arbitrary code on the system. Let’s just hope this update doesn’t have any experimental features enabled on it like the last Chrome release!

Third-Party Updates

There might have only been a single security release for the week, but that’s far from all the updates we released in our content. Here’s a list of the non-security patches over this week to take note of: