December 2017 Update Summary

Earlier this month Microsoft closed out the year with a small number of security updates. They resolved 32 vulnerabilities. Further details are provided within Microsoft’s new Security Updates Guide.

Sorry for not posting this sooner; travelling for my job meant my time was much more limited.

No Known Issues were listed as occurring for this months update.

====================

Meanwhile Adobe also completed their yearly updates with a single update for Flash Player resolving a single priority 2 CVE (defined).

You can monitor the availability of security updates for most your software from the following websites (among others) or use Secunia PSI:
—————
US Computer Emergency Readiness Team (CERT) (please see the “Information on Security Updates” heading of the “Protecting Your PC” page):

https://www.us-cert.gov/

A further useful source of update related information is the Calendar of Updates. News/announcements of updates in the categories of General SoftwareSecurity Software and Utilities are available on their website. The news/announcements are very timely and (almost always) contain useful direct download links as well as the changes/improvements made by those updates (where possible).

If you like and use it, please also consider supporting that entirely volunteer run website by donating.

====================
For December Microsoft updates, I will prioritize the order of installation below:
====================
Critical severity:

Microsoft Edge and Internet Explorer (multiple versions of Edge and IE affected)

Important severity:

Windows RRAS (Routing and Remote Access) Service Remote Code Execution Vulnerability

====================

Please install the remaining updates at your earliest convenience.

As usual; I would recommend backing up the data on any device for which you are installing updates to prevent data loss in the rare event that any update causes unexpected issues.

Thank you.

=======================
VMware AirWatch Console and other VMware Products
=======================
A security advisory for VMware AirWatch Console to address a moderate security vulnerability was made available in December. A further security advisory to address 4 important vulnerabilities within the products listed below was also published:

  • ESXi
  • vCenter Server Appliance
  • Workstation
  • Fusion

=======================
Google Chrome:
=======================
An update for Google Chrome included 37 security fixes while a second update included 2 further fixes.

Google Chrome updates automatically and will apply the update the next time Chrome is closed and then re-opened. Chrome can also be updated immediately by clicking the Options button (it looks like 3 stacked small horizontal lines, sometimes called a “hamburger” button) in the upper right corner of the window and choosing “About Google Chrome” from the menu. Follow the prompt to Re-launch Chrome for the updates to take effect.
=======================

=======================
Apple security updates:
=======================
During the first half of December Apple made available security updates for the following products:

=======================

Apple tvOS 11.2 and 11.2.1

Apple iOS 11.2 and 11.2.1

Apple watchOS 4.2

Apple Safari 11.0.2

Apple macOS High Sierra 10.13.2, Sierra and El Capitan

Apple iTunes 12.7.2 for Windows

AirPort Base Station Firmware Update 7.6.9 and AirPort Base Station Firmware Update 7.7.9

Apple iCloud for Windows 7.2

=======================

Please see these links from Apple for advice on backing up your iPhone and iPad. Advice for updating tvOS is available here while the steps for updating the Apple Watch are available here. Further details of these updates are available on Apple’s dedicated security updates page.

For advice on how to install updates for Apple devices, please see the steps detailed at the end of this Sophos blog post as well as this link (from my “Protecting Your PC” page).

=======================
Mozilla Firefox and Firefox ESR
=======================
During December Mozilla released security updates for Firefox and Firefox ESR (Extended Support Release) raising their version numbers to 57.0.2 and 52.5.2 respectively.

  • Firefox 57.0.2 resolves 1 CVE
  • Firefox ESR 52.5.2 resolves 2 CVEs.

As always full details of the security issues resolved by these updates are available in the following links:

Firefox 57.0.2
Firefox 52.5.2

Details of how to install updates for Firefox are here. If Firefox is your web browser of choice, please update it as soon as possible to resolve these security issues.

=======================
VideoLAN VLC:
=======================
In early December VideoLAN made available version 2.2.8 of VLC for Linux, Apple macOS  and Windows. It addresses 4 security vulnerabilities (3 of which were addressed in 2.2.7). If you use VLC, please update as soon as possible to address the above mentioned security vulnerabilities as well as the general software bugs that were resolved.

=======================
WinSCP
=======================
In mid-December; WinSCP version 5.11.3 was released upgrading it’s embedded OpenSSL version to 1.0.2n (which addresses 1x moderate and 1x low severity CVEs).

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.