Today is the 2nd Tuesday of the month, when both Adobe and Microsoft routinely release their scheduled security updates.
Similar to last month Microsoft have released many updates resolving 79 vulnerabilities more formally known as CVEs (defined). It was a light month for Adobe releasing 2 updates resolving 3 vulnerabilities.
Adobe Application Manager: 1x Priority 2 vulnerability resolved (Important severity)
Adobe Flash Player: 2x Priority 3 vulnerabilities resolved (Critical severity)
If you use either of these Adobe products, please install the necessary updates as soon as possible prioritising the Adobe Flash Player update.
This month’s list of Known Issues from Microsoft is available within their monthly summary page and applies to all currently supported operating systems. Almost all issues have workarounds at this time and none appear to be serious issues. The up to date list is available from their summary page.
US Computer Emergency Readiness Team (CERT) (please see the “Information on Security Updates” heading of the “Protecting Your PC” page):
A further useful source of update related information is the Calendar of Updates.
News/announcements of updates in the categories of General Software, Security Software and Utilities are available on their website. The news/announcements are very timely and (almost always) contain useful direct download links as well as the changes/improvements made by those updates (where possible).
If you like and use it, please also consider supporting that entirely volunteer run website by donating.
For this month’s Microsoft updates, I will prioritize the order of installation below:
Microsoft Windows LNK Remote Code Execution Vulnerability: CVE-2019-1280
Microsoft Scripting Engine: CVE-2019-1298
Microsoft Scripting Engine: CVE-2019-1300
Microsoft Scripting Engine: CVE-2019-1217
Microsoft Scripting Engine: CVE-2019-1208
Microsoft Scripting Engine: CVE-2019-1221
Microsoft Scripting Engine: CVE-2019-1237
Windows RDP: CVE-2019-1291
Windows RDP: CVE-2019-1290
Windows RDP: CVE-2019-0788
Windows RDP: CVE-2019-0787
Team Foundation Server/Azure DevOps: CVE-2019-1306
Microsoft Office SharePoint: CVE-2019-1295
Microsoft Office SharePoint: CVE-2019-1257
Microsoft Office SharePoint: CVE-2019-1296
Common Log File System Driver (defined): CVE-2019-1214
Microsoft Windows Elevation of Privilege Vulnerability (defined): CVE-2019-1215
Please install the remaining updates at your earliest convenience.
As per standard best practice; I would recommend backing up the data on any device for which you are installing updates to prevent data loss in the rare event that any update causes unexpected issues.
I have provided further details of updates available for other commonly used applications below.
On September the 3rd Mozilla released Firefox 69.0 to address the following vulnerabilities and to introduce new privacy features:
Firefox 69.0: Resolves 1x critical CVE (defined), 11x high CVEs, 4x moderate and 3x low CVEs
Firefox ESR 68.1 (Extended Support Release): Resolves 1x critical, 9x high, 4x moderate and 2x low CVEs
Firefox 60.9 ESR : Resolves 1x critical CVE, 7x high CVEs and 1x moderate CVE
Highlights from version 69 of Firefox include:
Blocks 3rd party cookies and cryptominers (using Enhanced Tracking Protection) by default (blocking of fingerprinting scripts will be the default in a future release)
Adobe Flash disabled by default (must be re-enabled if needed)
Separately Mozilla is facing criticism over their plans to gradually roll-out DNS over HTTPS (DoH) later this month since all DNS traffic would go to only one provider, Cloudflare. Google Chrome will implement a similar feature soon (further details are available in the above link also regarding Mozilla).
Details of how to install updates for Firefox are here. If Firefox is your web browser of choice, if you have not already done so, please update it as soon as possible to benefit from the above changes.