To my readers; I hope you and your families are safe and well. Sorry for the delay in publishing this post. However, it does contain information made available after the 9th February and should still prove useful.
Tuesday, 9th February was the release day for Adobe and Microsoft’s scheduled security updates. Adobe addressed 50 vulnerabilities and Microsoft resolved 56 vulnerabilities more formally known as CVEs (defined).
Let’s begin with Adobe’s security updates:
Adobe Acrobat and Reader: Addresses 23x Priority 1 (17x Critical Severity and 6x Important Severity) vulnerabilities
Adobe Animate: Addresses 1x Priority 3 (1x Critical Severity) vulnerabilities
Adobe Dreamweaver: Addresses 1x Priority 3 (1x Important Severity) vulnerabilities
Adobe Illustrator: Addresses 2x Priority 3 (2x Critical Severity) vulnerabilities
Magento: Addresses 18x Priority 2 (7x Critical, 10x Important and 1x Moderate Severity) vulnerabilities
Adobe Photoshop: Addresses 5x Priority 3 (5x Critical Severity) vulnerabilities
If you use any of the above Adobe products, please make certain to install the relevant updates as soon as possible. This is especially important in the case of the critical severity updates.
Separately, Microsoft from the 16th February onwards began releasing an optional update for Windows 10 that removes the embedded version of Flash Player (that was previously used by Internet Explorer).
I installed this update on my 3x Windows 10 20H2 systems (2x physical and 1x virtual machine). The update never requested a reboot. It left behind some empty folders (the locations of which are detailed here). This was a very smooth removal. I will install this update on my 2x physical Windows 8.1 systems when it is offered to them (likely in March 2021).
=======================
Microsoft currently lists 36 Known Issues within its monthly summary. Almost all have workarounds or resolutions (others have solutions currently being worked upon). Please review the list from the above link if you have any concerns.
====================
A further useful source of update related information is the US Computer Emergency Readiness Team (CERT) (please see the “Information on Security Updates” heading of the “Protecting Your PC” page):
https://www.us-cert.gov/
====================
For this month’s Microsoft updates, as always I will prioritise the order of installation below:
====================
Microsoft Windows Win32k Elevation of Privilege Vulnerability: CVE-2021-1732
Windows TCP/IP Remote Code Execution Vulnerability: CVE-2021-24074
Windows TCP/IP Remote Code Execution Vulnerability: CVE-2021-24094
Windows DNS Server Remote Code Execution Vulnerability: CVE-2021-24078
Windows Local Spooler Remote Code Execution Vulnerability: CVE-2021-24088
Windows Graphics Component Remote Code Execution Vulnerability: CVE-2021-24093
.NET Core for Linux Remote Code Execution Vulnerability: CVE-2021-14112
Microsoft .NET Core and Visual Studio Remote Code Execution Vulnerability: CVE-2021-26701
Windows Fax Service Remote Code Execution Vulnerability: CVE-2021-24077
Windows Fax Service Remote Code Execution Vulnerability: CVE-2021-1722
Sysinternals PsExec Elevation of Privilege Vulnerability: CVE-2021-1733 (a revised fixed was made available by Microsoft in March 2021)
Microsoft Windows Codecs Library Remote Code Execution Vulnerability: CVE-2021-24081
Windows Camera Codec Pack Remote Code Execution Vulnerability: CVE-2021-24091
Microsoft Windows Installer Elevation of Privilege Vulnerability: CVE-2021-1727
Microsoft .NET Core and Visual Studio Remote Code Execution Vulnerability: CVE-2021-1721
Windows Console Driver Denial of Service Vulnerability: CVE-2021-24098
Windows DirectX Information Disclosure Vulnerability: CVE-2021-24106
As per standard best practice, I would recommend backing up the data on any device for which you are installing updates to prevent data loss in the rare event that any update causes unexpected issues.
I have also provided further details of updates available for other commonly used applications below.
To all of my readers; I hope you and your families stay safe during these tough times. Thank you.
====================
Mozilla Firefox
====================
In the first week of February Mozilla made available Firefox 85.0.1 and Firefox ESR (Extended Support Release) 78.7.1 to resolve the following critical vulnerability:
Firefox 85.0.1 and Firefox ESR 78.7.1: Resolves 1x Critical severity CVE
A mitigation for the Windows 10 NTFS Corruption vulnerability was also added to Firefox 85.0.1. My thanks to BleepingComputer for their article on that issue.
Later on, the 23rd February, Mozilla made available Firefox 86 and Firefox ESR 78.8 to resolve the following vulnerabilities:
Firefox 86: Resolves 5x High severity, 4x Moderate and 3x Low severity CVEs
Firefox ESR 78.8: Resolves 3x High and 1x Low severity CVEs
Firefox 86 introduces Total Cookie Protection and multiple picture in picture (among other features detailed here).
Details of how to install updates for Firefox are here. If Firefox is your web browser of choice, if you have not already done so, please update it as soon as possible to benefit from the above change.
====================
Google Chrome
====================
Google has released 4 Chrome updates so far in February version 88.0.4324.146 , version 88.0.4324.150 and version 88.0.4324.182 for Linux, Mac and Windows to resolve 6, 1 and 10 security vulnerabilities (respectively). Version 88.0.4324.190 and 192 for Mac do not contain security updates. Version 88 of Chrome removes support for Adobe Flash.
Google Chrome updates automatically and will apply the update the next time Chrome is closed and then re-opened. Chrome can also be updated immediately by clicking the Options button (it looks like 3 vertically stacked dots) in the upper right corner of the window and choosing “About Google Chrome” from the menu. Follow the prompt to Re-launch Chrome for the updates to take effect.
====================
Cyberpunk 2077
====================
The popular video game Cyberpunk 2077 has released a security update, hotfix version 1.12 to resolve the following security issues:
Fixed a buffer overrun (defined) issue
Removed/replaced non-ASLR (defined) DLLs (defined)
My thanks to BleepingComputer for their article listing the availability of this security update.
====================
Apple Security Updates
====================
Apple had released the following security updates so far in February:
Apple macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave: Addresses 66x CVEs
Apple Safari 14.0.3: Addresses 3X CVEs
Apple macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, and macOS Mojave 10.14.6 Security Update 2021-002: Addresses 3x CVEs