Earlier today Microsoft resolved 49 vulnerabilities more formally known as CVEs (defined).
At the time of writing; there are known issues with the Windows 7 NIC being an issue again this month:
4462917 : No workaround at this time.
4462923 : Workaround available.
As always; further details are available in Microsoft’s update summary for October. Moreover, Adobe issued 4 updates today patching the following products:
Adobe Digital Editions (priority 3, resolves 4x critical and 5x important CVEs)
Adobe Experience Manager (priority 2. 3x important and 2x moderate CVEs)
Adobe Framemaker (priority 3, resolves 1x important CVE)
Adobe Technical Communications Suite (priority 3, resolves 1x important CVE)
Earlier this month Adobe released updates for Acrobat DC and Reader DC resolving 86 CVEs (47x critical and 39x important). These were in addition to the updates made available in September (which resolved 1x critical and 6 important CVEs).
As per standard practice if you use any of the above Adobe software, please update it as soon as possible especially in the case of Acrobat DC and Reader DC. No updates for Flash Player have been distributed so far this month.
You can monitor the availability of security updates for most your software from the following websites (among others) or use one of the utilities presented on this page:
US Computer Emergency Readiness Team (CERT) (please see the “Information on Security Updates” heading of the “Protecting Your PC” page):
A further useful source of update related information is the Calendar of Updates.
News/announcements of updates in the categories of General Software, Security Software and Utilities are available on their website. The news/announcements are very timely and (almost always) contain useful direct download links as well as the changes/improvements made by those updates (where possible).
If you like and use it, please also consider supporting that entirely volunteer run website by donating.
For this month’s Microsoft updates, I will prioritize the order of installation below:
Microsoft Edge and Internet Explorer (multiple versions of Edge and IE affected)
2x vulnerabilities affecting Microsoft Hyper-V (affects Windows 10, Windows 8.1 (including Windows RT 8.1) and Windows 7 along with their Server equivalents)(the links above provide details on both vulnerabilities)
Please install the remaining updates at your earliest convenience.
As usual; I would recommend backing up the data on any device for which you are installing updates to prevent data loss in the rare event that any update causes unexpected issues. I have provided further details of updates available for other commonly used applications below.
Please find below summaries of other notable updates released this month.
In early September Mozilla made available updated versions of Firefox:
Details of how to install updates for Firefox are here. If Firefox is your web browser of choice, if you have not already done so, please update it as soon as possible to resolve these security issues.
VMWare has issued 2 security advisories so far for October:
Security advisory 1 (addresses 1 critical vulnerability) in the following products:
- AirWatch Console 9.1 to 9.7
Security advisory 2 (addresses 1 important vulnerability via a mitigation) in the following products:
- Workstation Pro
If you use the above VMware products, please review the security advisories and apply the necessary updates/mitigations.