Patching in Review – Week 25
Todd Schell
Happy summer solstice, everyone! Thursday, June 21, marked the longest day of the year, and while the remaining days of the year will slowly lead us into an arctic wasteland in Minnesota, the patches keep flowing. We always have a slide ‘Between the Patch Tuesdays’ on our Patch Tuesday webinar, so we’ve decide to expand our blog and get the information to you as it occurs. Stay tuned for regular updates.
Security Releases
Microsoft released its quarterly cumulative updates for Exchange 2010, 2013, and 2016 on Wednesday, June 19, which cover 3 CVEs (CVE-2018-2768, CVE-2018-2806, CVE-2018-2801). Microsoft Exchange is using a custom implementation of Oracle Outside in its libraries and could allow disruption of service through user interaction. See Microsoft’s advisory for further details.
These quarterly updates also have some new prerequisites of .Net 4.7.1 and VC++ 2013 runtime library, so be sure to apply those prerequisites before you patch your Exchange servers! See the Microsoft Exchange team’s blog post for further details.
OS Non-Securities
Last week Microsoft released their quality preview rollups for the month. Interestingly, all supported operating systems were updated except Windows 10 1803, so we might expect that to release before next Patch Tuesday.
- Windows 10 1607/Server 2016 still has the May servicing stack (KB4132216) as a prerequisite, so be sure to apply that first
These patches contain a preview of the numerous bug fixes that will be included in the Patch Tuesday security monthly rollup. This provides a great opportunity to roll out the update to a test group before the next patching cycle.
Third-Party Updates
As always, a series of third parties updated this week. Even though these updates do not have any CVEs, they may still have undisclosed security fixes as well as helpful stability fixes for your organization. Here are the updates we released in our content two weeks ago:
|
Software Title |
Ivanti ID |
Ivanti KB |
|
Beyond Compare 4.2.5.23088 |
BEYOND-004 |
QBC42523088 |
|
Citrix Receiver 4.9.3000, LTSR Cumulative Update 3 |
CTXR-014 |
QCTXR493000 |
|
Dropbox 52.4.58 |
DROPBOX-085 |
QDROPBOX52458 |
|
FileZilla Client 3.34.0 |
FILEZ-073 |
QFILEZ3340 |
|
GoodSync 10.9.2 |
GOODSYNC-088 |
QGS1092 |
|
GoToMeeting 8.29.1 |
GOTOM-045 |
QGTM829 |
|
HipChat 4.30.6.7676 |
HCHAT-023 |
QHCHAT43061676 |
|
LibreOffice 6.0.5 |
LIBRE-098 |
QLIBRE605 |
|
LogMeIn 4.1.11340 |
LMI-010 |
QLMI4111340 |
|
Visual Studio 2017 version 15.7.4 |
MSNS18-0618-VS2017 |
QVS20171574 |
|
Opera 53.0.2907.106 |
OPERA-170 |
QOP5302907106 |
|
RealVNC Connect 6.3.0 |
RVNC-024 |
QRVNC630 |
|
Skype 8.24.0.2 |
SKYPE-137 |
QSKY82402 |
|
Snagit 2018.2.0 |
SNAG-016 |
QSNAG1820 |
|
Cumulative Update 12 for SQL Server 2014 SP2 |
SQL2014SP2-CU12 |
Q4130489 |
|
Cumulative Update 8 for SQL Server 2017 |
SQL2017RTM-CU08 |
Q4338363 |
|
TortoiseHG 4.6.1 |
TOHG-016 |
QTOHG461 |
|
WinSCP 5.13.3 |
WINSCP-019 |
QWINSCP5133 |
More Patch Resources:
- Patch Tuesday Blogs
- Patch Tuesday Resource Page: Infographics, presentations, webinars, etc.
- Ivanti Security Products
