As predicted; earlier today Adobe and Microsoft made available their usual monthly security updates addressing 5 and 77 vulnerabilities (respectively) more formally known as CVEs (defined):
Adobe Bridge CC: 1x Priority 3 vulnerability resolved (Important severity)
Adobe Dreamweaver: 1x Priority 3 vulnerability resolved (Important severity)
Adobe Experience Manager: 3x Priority 2 vulnerabilities : 2x Important, 1x Moderate severity resolved
If you use any of these Adobe products, please apply the necessary updates as soon as possible.
This month’s list of Known Issues from Microsoft is available within their monthly summary page and applies to all currently supported operating systems. Not all issues have workarounds at this time. Just like last month; Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows 8.1 and Windows Server 2012 R2 list known issues with McAfee products and should refer to the guidance linked to by Microsoft within the above linked to attempt to workaround these issues:
4493730 Servicing stack update for Windows Server 2008 SP2
4507434 Internet Explorer 11
4507435 Windows 10, version 1803
4507448 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
4507449 Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Monthly Rollup)
4507450 Windows 10, version 1703
4507453 Windows 10, version 1903, Windows Server version 1903
4507455 Windows 10, version 1709
4507457 Windows 8.1, Windows Server 2012 R2 (Security-only update)
4507458 Windows 10
4507460 Windows 10 1607 and Windows Server 2016
4507462 Windows Server 2012 (Monthly Rollup)
4507464 Windows Server 2012 (Security-only update)
4507469 Windows 10, version 1809, Windows Server 2019
US Computer Emergency Readiness Team (CERT) (please see the “Information on Security Updates” heading of the “Protecting Your PC” page):
A further useful source of update related information is the Calendar of Updates.
News/announcements of updates in the categories of General Software, Security Software and Utilities are available on their website. The news/announcements are very timely and (almost always) contain useful direct download links as well as the changes/improvements made by those updates (where possible).
If you like and use it, please also consider supporting that entirely volunteer run website by donating.
For this month’s Microsoft updates, I will prioritize the order of installation below:
Zero-day (defined) vulnerabilities:
CVE-2019-1132 – Win32k Elevation of Privilege Vulnerability
CVE-2019-0880 – Microsoft splwow64 Elevation of Privilege Vulnerability
CVE-2019-0785 Windows DHCP Server Remote Code Execution Vulnerability
CVE-2019-1072 Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability
CVE-2019-1056 Scripting Engine
CVE-2019-1106 Scripting Engine
CVE-2019-1092 Scripting Engine
CVE-2019-1103 Scripting Engine
CVE-2019-1107 Scripting Engine
CVE-2019-1062 Scripting Engine
CVE-2019-1004 Scripting Engine
CVE-2019-1001 Scripting Engine
CVE-2019-1063 Internet Explorer Memory Corruption Vulnerability
CVE-2019-1104 Microsoft Browser Memory Corruption Vulnerability
CVE-2019-1102 GDI+ Remote Code Execution Vulnerability
CVE-2019-1113 .NET Framework Remote Code Execution Vulnerability
Servicing Stack Update
Please install the remaining updates at your earliest convenience.
As per standard best practice; I would recommend backing up the data on any device for which you are installing updates to prevent data loss in the rare event that any update causes unexpected issues.
I have provided further details of updates available for other commonly used applications below.
Today, Mozilla released Firefox 68.0 to address the following vulnerabilities and to introduce new features:
Firefox 68.0: Resolves 2x critical CVEs (defined), 3x high CVEs, 10x moderate and 4x low CVEs
Firefox 60.8 ESR (Extended Support Release): Resolves 1x critical CVE, 4x high CVEs and 5x moderate CVEs
Firefox now also includes cryptomining protection and fingerprinting protections and improved add-on security (my thanks to Softpedia for this information, more details on other security features are here).
Details of how to install updates for Firefox are here. If Firefox is your web browser of choice, if you have not already done so, please update it as soon as possible to benefit from the above changes.
Earlier today VMware made available an update for ESXi version 6.5. Version 6.0 is unaffected and a patch for 6.7 is pending. This update resolves a denial of service vulnerability.
If you use VMware ESXi, please update when you can.