June 2016 Security Updates Summary

Yesterday Microsoft released their scheduled monthly security updates.

Microsoft’s updates consist of 16 security bulletins (not yet included is the upcoming Adobe Flash Player update (more details below)). These bulletins resolve 44 vulnerabilities more formally known as CVEs (defined).

One helpful point to note that should make deploying these updates easier is that Microsoft’s Security Bulletin Summary doesn’t list any Known Issues at this time. However please double check the IT Pro Patch Tuesday blog to ensure that there are no issues being experienced before you begin installing the new updates.

As briefly discussed above one of Microsoft’s bulletins relates to Adobe’s Flash Player update; however, that update will be made available later this week (scheduled to arrive on the 16th of June) according to Adobe). Similar to last month this update will resolve a zero day (defined) vulnerability that is currently being exploited. I will update this post when more information becomes available.

====================
Update: 17th June 2016:
As scheduled Adobe released an updated version of Flash Player to address the zero-day vulnerability currently being used by an APT (Advanced Persistent Threat) (defined) group to attack systems belonging high profile targets.

This update also addresses 35 other critical CVEs. For Google Chrome, I have confirmed that version 51.0.2704.103 released yesterday contains the appropriate updated version of Flash Player.

For Windows 8.1 and later Microsoft have released a security bulletin MS16-083 (which is not yet listed on their security bulletin page at the time of writing). It includes the same fixes within the above mentioned Adobe bulletin.

Depending on which version of Flash Player you have, please review the Adobe security bulletin or Microsoft bulletin as appropriate and apply the recommended updates. Google Chrome users will have the updated installed automatically alongside the updated version of Chrome. Further discussion of this update is available in this blog post.

Adobe also released a security bulletin for Adobe AIR (its application runtime) to address a priority 3 vulnerability in the AIR installer. More information as well as installation steps are available in the relevant security bulletin.

If I can clarify any of the above update installation steps, please let me know. I am always more than happy to assist.

Thank you.
====================

Adobe did however have make available four security bulletins yesterday that address vulnerabilities in Adobe DNG SDK (1 CVE addressed), Adobe Brackets (2 CVEs addressed), Adobe Creative Cloud Desktop (2 CVEs addressed ) and ColdFusion (1 CVE addressed of higher priority than all others). If you use any of these products, please review the security bulletins linked to above and apply the necessary updates.

You can monitor the availability of security updates for the majority of your software from the following websites (among others) or use Secunia PSI:

—————
US Computer Emergency Readiness Team (CERT) (please see the “Information on Security Updates” heading of the “Protecting Your PC” page):

https://www.us-cert.gov/

A further useful source of update related information is the Calendar of Updates.

News/announcements of updates in the categories of General Software, Security Software and Utilities are available on their website. The news/announcements are very timely and (almost always) contain useful direct download links as well as the changes/improvements made by those updates (where possible).

If you like and use it, please also consider supporting that entirely volunteer run website by making a donation.
—————
If you use any of the above software, please install the appropriate updates as soon as possible. Steps for installing updates for Windows are provided on the “Protecting Your PC” page.

To assist with making the best use of your time when deploying these updates, I will prioritise the updates for you below:

Please make the Update for DNS Server your first priority since it is not only of critical severity but DNS (defined) is a business critical service used by business of all sizes making it a higher risk. Follow this with Microsoft Office, Microsoft Internet Explorer, Microsoft Edge and Microsoft Jscript and VBScript due to their severities and prevalent use. All remaining security updates can be installed when time allows.

Another security pre-caution that you may wish to take if you have Microsoft EMET (please ensure your version of EMET is the most recent version 5.5) installed is to use it to protect you from Adobe Flash being used to exploit vulnerabilities when you open a Microsoft Office document or Adobe PDF file. I provide recommendations of how to do this at the end of the July 2015 Update Summary.

As always as a routine precaution I would recommend backing up the data on any device for which you are installing updates in order to prevent data loss in the rare event that any update causes unexpected issues.

Thank you.

=======================
Aside:
=======================
Apologies for not posting new content in such a long time. With other commitments that needed my attention as well as resolving the hardware failure issue 2 weeks ago (that I mentioned previously) led to this delay. I will post more content soon. Thank you for your understanding.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s