June 2015 Security Updates Summary

Earlier today, Microsoft made available its monthly security updates for Update Tuesday, resolving 45 CVEs. Details of the affected products are provided in their Microsoft Security Bulletin Summary. This page also details any Known Issues for these security updates. At the time of writing, no issues are present. An excellent source for information on issues that arise from installing these updates is the IT Pro Patch Tuesday blog.

If you have not encountered the term CVEs before, please see the first short aside within this blog post for an explanation.

Also today, Adobe made available Flash Player v18.0.0.160 and Adobe AIR v18.0.0.144 to resolve 14 CVEs. Further details are provided in their Security Bulletin.

Later this week, on Thursday 11th June, OpenSSL is expected to make available security updates to resolve moderate security issues in their popular cryptography toolkit. I will update this post when more details are available.

Update: 11th June 2015:
OpenSSL released a security advisory today to resolve 7 CVEs, one of which was a workaround for the Logjam security flaw. The change made to resolve this flaw was to reject Diffie-Hellman handshake requests for parameters shorter than 768 bits. A later release of OpenSSL will extend this to 1024 bits. I would advise updating your OpenSSL installations as soon as possible to mitigate these vulnerabilities (usually by using your Linux package manager to install the applicable updates).
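
To check which side of those limits a server's own Diffie-Hellman parameters fall on, the following added example (not code from OpenSSL or from this post) reads the prime size out of a PEM "DH PARAMETERS" block and compares it with the 768-bit and 1024-bit figures above. The function names, result strings and the generated sample input are assumptions made for illustration.

```python
import base64

# Limits from the post: OpenSSL now rejects DH parameters shorter than
# 768 bits, and a later release is to raise that limit to 1024 bits.
REJECT_BELOW, PLANNED_BELOW = 768, 1024

def read_tlv(buf):
    """Return (tag, value) of the DER element at the start of buf."""
    tag, length, pos = buf[0], buf[1], 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[2:2 + n], "big"), 2 + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length]

def dh_prime_bits(pem):
    """Bit length of the prime p in a PEM 'DH PARAMETERS' block."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    if lines[0] != "-----BEGIN DH PARAMETERS-----":
        raise ValueError("not a DH PARAMETERS block")
    seq_tag, body = read_tlv(base64.b64decode("".join(lines[1:-1])))
    int_tag, p = read_tlv(body)
    if seq_tag != 0x30 or int_tag != 0x02:  # SEQUENCE { INTEGER p, ... }
        raise ValueError("unexpected DER structure")
    return int.from_bytes(p, "big").bit_length()

def classify(bits):
    """Map a prime size onto the two limits named in the post."""
    if bits < REJECT_BELOW:
        return "rejected"
    if bits < PLANNED_BELOW:
        return "accepted now, below planned 1024-bit limit"
    return "meets planned limit"

def encode_tlv(tag, value):
    """DER-encode one element; used only to build the sample input."""
    n = len(value)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    size = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + size + value

def sample_pem(bits):
    """Constructed input: p = 2**(bits-1) + 1, not a real prime."""
    p = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    der = encode_tlv(0x30, encode_tlv(0x02, p) + encode_tlv(0x02, b"\x02"))
    body = base64.b64encode(der).decode()
    return f"-----BEGIN DH PARAMETERS-----\n{body}\n-----END DH PARAMETERS-----\n"
```

Calling `classify(dh_prime_bits(open(path).read()))` on a parameter file gives the verdict for that file; `sample_pem(512)` produces a constructed input to try it on.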

As always, you can monitor the availability of security updates for the majority of your software from the following websites (among others) or Secunia PSI:

—————-
Security Updates Calendar: (please see the heading “Information on Security Updates” within the Protecting Your PC page):
http://www.calendarofupdates.com/updates/index.php?act=calendar

At the time of writing the Calendar of Updates site is down but should be back up soon.

Edit: 21st June 2015:
I have learned that the Calendar of Updates website is now permanently offline. Some members of that website along with new members/volunteers are working to set up a new version as soon as possible. I will monitor their progress and will provide the link to the new website when it’s available. In the meantime, please use Secunia PSI, refer to the US-CERT link below or refer to the heading “Information on Security Updates” within the Protecting Your PC page.

US Computer Emergency Readiness Team (CERT) (please see the “Information on Security Updates” heading of the Protecting Your PC page):
https://www.us-cert.gov/
—————-

If you use any of the above software, please install the appropriate updates as soon as possible. I would recommend installing Adobe’s Flash Player and Adobe AIR updates as soon as possible along with Microsoft’s updates for Internet Explorer, Windows Media Player, Microsoft Office (since opening a malicious file is enough to trigger an exploit) and Windows Kernel Mode Drivers due to their severity (in addition, the kernel mode driver issue, CVE-2015-2360, has already seen exploitation). The issues resolved by Adobe’s updates are often quickly exploited after they are made public.

As a routine precaution, I would recommend backing up the data on any device for which you are installing updates in order to prevent data loss in the rare event that any update causes unexpected issues.

Thank you.
