August 2015 Security Updates Summary

Yesterday Microsoft released its monthly security updates to resolve 57 CVEs (definition of the term CVE). Further details are provided in their Security Bulletin Summary.

At the time of writing, the summary details known issues for 2 security bulletins: MS15-081 (Microsoft Office) and MS15-082 (Windows RDP). The known issues for Office involve no longer being able to access online document templates if the security update mentioned within the bulletin is not installed. The RDP known issue mentions that in some cases, the computer on which the update is installed may need to be restarted twice for the update to complete the installation.

Another source for details of issues encountered with Microsoft security updates is the IT Pro Patch Tuesday blog. At the time of writing, no issues have been posted.

Mozilla updated Firefox (to version 40.0, which resolves 18 CVEs: 8x critical severity, 8x high, 2x moderate) and Firefox ESR (to version 38.2, which resolves 17 CVEs: 7x critical severity, 9x high, 1x moderate). Among the issues addressed by Mozilla were the Stagefright media playback issues. Details of how to install updates for Firefox are here.

Finally, Adobe issued updates to Flash Player to resolve 35 CVEs. Flash Player updates for Linux, Apple Mac OS X and Windows are available from this link (which can be used if you don’t have automatic updating enabled or simply wish to install the update as soon as possible). Users of Google Chrome have received (I have confirmed this) this Flash update within this Chrome update. Microsoft has announced the availability of their Flash update by updating this security advisory for users of Internet Explorer 10, 11 and Microsoft Edge installed on Windows 8.0, 8.1 and Windows 10 (respectively).

You can monitor the availability of security updates for the majority of your software from the following website (among others) or use Secunia PSI:

—————-
US Computer Emergency Readiness Team (CERT) (please see the “Information on Security Updates” heading of the Protecting Your PC page):
https://www.us-cert.gov/
—————-

If you use any of the above software, please install the appropriate updates as soon as possible.

Steps for installing updates for Windows are provided on the “Protecting Your PC” page.

Since the Adobe Flash Player update resolves 35 CVEs, some of which are likely to be exploited very quickly by exploit kits (exploit kit, defined), it should be installed first. The next priority update should be Mozilla Firefox, since it addresses multiple critical and high severity flaws.

These should be followed by Microsoft Office, Internet Explorer, Microsoft Edge, Windows Mount Manager and Microsoft Graphics Component due to their critical severities. The Mount Manager update should be prioritized since it addresses an issue that could allow arbitrary code to be executed from a USB storage device attached to a Windows system and is being used in targeted attacks.

One other security precaution that you may wish to take if you have Microsoft EMET installed is to use it to protect you from Adobe Flash being used to exploit vulnerabilities when you open a Microsoft Office document or Adobe PDF file. I provide recommendations on how to do this at the end of July’s Update Summary.

As always, as a routine precaution, I would recommend backing up the data on any device for which you are installing updates in order to prevent data loss in the rare event that any update causes unexpected issues.

Thank you.
