Tag Archives: Adobe Connect

July 2017 Security Updates Summary

Earlier today as expected Microsoft and Adobe made available their monthly scheduled security updates.

Microsoft resolved a relatively large number of vulnerabilities at 54 in total more formally known as CVEs (defined). However it’s less than last month at 94. These are detailed within Microsoft’s new Security Updates Guide.

After 2 months of updates being released for versions of Windows which were no longer supported, this month is a return to the usual expected patches.

At the time of writing there are no Known Issues for this month’s Microsoft updates. The IT Pro Patch Tuesday blog which I routinely referenced is no longer available.

====================

Adobe made available just two security bulletins for the following products:

Adobe Connect (priority 3, 2x important and 1x moderate CVE)

Adobe Flash (priority 1, 1x critical, 2x important CVEs)

The priority ratings are explained in this link. Depending on which version of Flash Player you have, please review the Adobe security bulletin or Microsoft bulletin (the link includes “April” in the URL but it is not a typo) as appropriate and apply the recommended updates. Google Chrome users should have the updated version installed automatically later this week (if not already available).

If you use any of the above-mentioned Adobe products, please review the security bulletins linked to above and apply the necessary updates. As per the established process the Flash update should be installed as soon as possible since exploit kits (defined) tend to take advantage of newly disclosed vulnerabilities very quickly.

 

You can monitor the availability of security updates for most your software from the following websites (among others) or use Secunia PSI:
—————
US Computer Emergency Readiness Team (CERT) (please see the “Information on Security Updates” heading of the “Protecting Your PC” page):

https://www.us-cert.gov/

A further useful source of update related information is the Calendar of Updates. News/announcements of updates in the categories of General SoftwareSecurity Software and Utilities are available on their website. The news/announcements are very timely and (almost always) contain useful direct download links as well as the changes/improvements made by those updates (where possible).

If you like and use it, please also consider supporting that entirely volunteer run website by donating.

—————
If you use any of the above software, please install the appropriate updates as soon as possible. Steps for installing updates for Windows are provided on the “Protecting Your PC” page.

====================
For this month’s Microsoft updates, I will prioritize the order of installation for you below:
====================
Critical severity:

Windows Search

Microsoft Edge and Internet Explorer

NT LAN Manager Elevation of privilege (CVE-2017-8563)(Corporate users: please ensure to set a more secure LDAP setting as per this knowledge base article)

Windows Explorer (CVE-2017-8463)
====================

Please install the remaining updates at your earliest convenience.

As always you can find detailed information on the contents of each security bulletin within ComputerWorld’s Patch Tuesday Debugged column.

Another security pre-caution that you may wish to take if you have Microsoft EMET (please ensure your version of EMET is the most recent version 5.52) installed is to use it to protect you from Adobe Flash being used to exploit vulnerabilities when you open a Microsoft Office document or Adobe PDF file. I provide recommendations of how to do this at the end of the July 2015 Update Summary. Please note that Microsoft EMET will be out of support on the 31st of July 2018.

As noted in this new blog post, parts of EMET are to become available in the Creator’s Fall Update for Windows 10 set for release in September 2017.

As usual; I would recommend backing up the data on any device for which you are installing updates to prevent data loss in the rare event that any update causes unexpected issues.

Note: This post marks the 300th post on this blog. Thank you very much to my readers and here’s to the next 300!

=======================
Update:8th August 2017:
=======================

=======================
Nvidia Geforce Drivers:
=======================
This update applies to Linux, FreeBSD, Solaris and Windows and resolves up to 9 security vulnerabilities. The steps to install the drivers are detailed here. I detailed where Nvidia list their security advisories in a previous blog post.

November 2016 Security Updates Summary

Earlier today Microsoft and Adobe released their scheduled monthly security updates.

Microsoft’s made available many bulletins, 14 in total. These updates address 67 vulnerabilities listed within Microsoft’s security bulletin summary (as before excluding the Adobe bulletin). These are more formally known as CVEs (defined).

Once again this month (so far) there are no Known Issues detailed within the above mentioned summary page. Monitoring this page before deploying the updates as well as the IT Pro Patch Tuesday blog will keep you well informed enabling you to have the best opportunity to avoid potential issues. If any issues do arise, those pages should be your first places to check for solutions.

====================

Today Adobe made available one other security bulletin by Adobe affecting Adobe Connect (resolving 1x priority 3 issue) in addition to their regular Flash Player update. Depending on which version of Flash Player you have, please review the Adobe security bulletin or Microsoft bulletin as appropriate and apply the recommended updates. Google Chrome users will have the updated installed automatically alongside the updated version of Google Chrome which was made available very shortly after Adobe’s update.

The Flash Player update addresses 9 priority 1 CVEs. If you use either of these products, please review the security bulletins linked to above and apply the necessary updates.

You can monitor the availability of security updates for the majority of your software from the following websites (among others) or use Secunia PSI:

—————
US Computer Emergency Readiness Team (CERT) (please see the “Information on Security Updates” heading of the “Protecting Your PC” page):

https://www.us-cert.gov/

A further useful source of update related information is the Calendar of Updates.

News/announcements of updates in the categories of General Software, Security Software and Utilities are available on their website. The news/announcements are very timely and (almost always) contain useful direct download links as well as the changes/improvements made by those updates (where possible).

If you like and use it, please also consider supporting that entirely volunteer run website by making a donation.
—————

If you use any of the above software, please install the appropriate updates as soon as possible. Steps for installing updates for Windows are provided on the “Protecting Your PC” page.

To assist with making the best use of your time when deploying these updates, I will prioritise the updates for you below:

This month the previously disclosed zero day (defined) vulnerability under attacker should take first priority, it is addressed in MS16-135 Next, please prioritise the deployment of the following updates:

Microsoft Internet Explorer, Microsoft Edge, Microsoft Graphics Component , Microsoft Office, Microsoft Video Control and the Windows Security Update bulletin.

Businesses and enterprise should priorities the deployment of the SQL Server update since it addresses 6 important vulnerabilities.

As always Adobe’s Flash Player update (to version 23.0.0.207) should also be on your shortlist this month.

The remaining security updates can be installed when you have the time to do so. Detailed information on the contents of each security bulletin is published each month within ComputerWorld’s Patch Tuesday Debugged column.

Another security pre-caution that you may wish to take if you have Microsoft EMET (please ensure your version of EMET is the most recent version 5.5) installed is to use it to protect you from Adobe Flash being used to exploit vulnerabilities when you open a Microsoft Office document or Adobe PDF file. I provide recommendations of how to do this at the end of the July 2015 Update Summary.

Please note that Microsoft EMET is in the process of being retired with the end of support scheduled for the 31st of July 2018.

As always as a routine precaution I would recommend backing up the data on any device for which you are installing updates in order to prevent data loss in the rare event that any update causes unexpected issues.

Thank you.

February 2016 Security Updates Summary

Since today is the second Tuesday of the month Microsoft and Adobe made available their scheduled security updates for their software.

There are 13 bulletins in total (although MS16-022 is related to Adobe Flash Player) addressing 41 security issues with Microsoft software more formally known as CVEs (defined) and 32 CVEs within Adobe software (22 within Flash Player and a further 10 CVEs in total within Adobe Experience Manager, Adobe Connect and Photoshop CC/Bridge CC):

=======================
Microsoft’s Security Bulletin Summary lists 5 Known Issues with regard to the following bulletins:

MS16-009: Update for Internet Explorer: Knowledge base article kb3134814: After installing this update it can cause websites not to display in Internet Explorer 11 Enterprise mode (used for compatibility with older websites). This issue can be resolved by installing the update documented in knowledge base article kb3141092

MS16-014: Security Update for Windows: Knowledge base articles kb3126587 and kb3126593: Issues include compatibility issues with Corel software (suggested workaround available) and possible error messages appearing in the Windows event log, no workaround provided.

MS16-017: Security Update for Remote Desktop Display Driver: Knowledge base articles kb3134700 and kb3126446: Issues involve needing to restart your computer multiple times after installing this update.
=======================

Microsoft have also made available a security advisory today for ASP.Net templates when used within Visual Studio 2013 and 2015. Users of Visual Studio and/or software developers should review this advisory to determine if you need to take further action.

Moreover; an alternative source for information on Known Issues is the IT Pro Patch Tuesday blog which is usually updated shortly after the release of the updates if any issues are encountered. No issues are listed at the time of writing.

One of Adobe’s updates that was mentioned above addresses 22 critical CVEs within Flash Player. From the many exploits that were developed for Flash Player last year it would be prudent to install this update before any other updates (further discussion provided below). Further details for this update are available in this security bulletin. If you use Adobe Experience Manager, Adobe Connect or Photoshop CC/Bridge CC, please follow the above product links to the appropriate security bulletins and apply the necessary updates.

You can monitor the availability of security updates for the majority of your software from the following websites (among others) or use Secunia PSI:

—————
US Computer Emergency Readiness Team (CERT) (please see the “Information on Security Updates” heading of the “Protecting Your PC” page):
https://www.us-cert.gov/

A further useful source of update related information is the Calendar of Updates. News/announcements of updates in the categories of General Software, Security Software and Utilities are available on their website. The news/announcements are very timely and (almost always) contain useful direct download links as well as the changes/improvements made by those updates (where possible).
—————

If you use any of the above software, please install the appropriate updates as soon as possible. Steps for installing updates for Windows are provided on the “Protecting Your PC” page.

While the Adobe Flash Player update should be applied before all other updates this month to assist with prioritizing Microsoft’s updates I would recommend beginning to install Microsoft updates starting with the Internet Explorer update, Microsoft Edge, Microsoft Office, Windows PDF Library and Windows Journal (in this order) due to their critical severities and widespread use. You can then install any remaining applicable updates beginning this round of updates with the Kernel Mode Drivers update since exploitation of the vulnerability it addresses is more likely.

One other security pre-caution that you may wish to take if you have Microsoft EMET installed is to use it to protect you from Adobe Flash being used to exploit vulnerabilities when you open a Microsoft Office document or Adobe PDF file. I provide recommendations of how to do this at the end of July’s Update Summary.

As always as a routine precaution I would recommend backing up the data on any device for which you are installing updates in order to prevent data loss in the rare event that any update causes unexpected issues.

Thank you.