Updated: 9th January 2019
Happy New Year to all of my readers. Thanks very much.
Today Microsoft made available monthly updates resolving 47 vulnerabilities (more formally known as CVEs (defined)) respectively. Further details are available from Microsoft’s monthly summary page.
Separately Adobe released out of band (unscheduled) updates last week for Acrobat 2017 and Acrobat DC/Acrobat DC. These updates address 2x critical CVEs.
Other updates released today are as follows:
Adobe Connect: 1x priority 3 CVE resolved
Adobe Digital Editions: 1x priority 3 CVE resolved
Adobe Flash Player: reliability/performance update only
While the Flash Player update is a non-security update it’s likely Adobe chose to release it via the usual channels since it’s what people are familiar with and it helps to get updates out sooner.
Similar to last month; Microsoft’s updates come with a long list of Known Issues that will be resolved in future updates. They are listed below for your reference:
You can monitor the availability of security updates for most your software from the following websites (among others) or use one of the utilities presented on this page:
US Computer Emergency Readiness Team (CERT) (please see the “Information on Security Updates” heading of the “Protecting Your PC” page):
A further useful source of update related information is the Calendar of Updates.
News/announcements of updates in the categories of General Software, Security Software and Utilities are available on their website. The news/announcements are very timely and (almost always) contain useful direct download links as well as the changes/improvements made by those updates (where possible).
If you like and use it, please also consider supporting that entirely volunteer run website by donating.
For this month’s Microsoft updates, I will prioritize the order of installation below:
Windows DHCP Client (Further details here)
Microsoft Edge and Internet Explorer (multiple versions of Edge and IE affected)(please also remember last months’s Internet Explorer update).
Microsoft Hyper-V (CVE-2019-0550 and CVE-2019-0551)
Microsoft Exchange (CVE-2019-0586)(Further details here)
Please install the remaining updates at your earliest convenience.
As usual; I would recommend backing up the data on any device for which you are installing updates to prevent data loss in the rare event that any update causes unexpected issues. I have provided further details of updates available for other commonly used applications below.
Please find below summaries of other notable updates released this month.
Intel Security Advisories:
Intel have released a series of security advisories so far this month. Of highest priority is the advisory for their Intel PROSet/Wireless WiFi Software to resolve a high severity CVSS Base Score 7.8 vulnerability. The security advisory affects many of their WiFi adapters.
Further important updates for their System Support Utility and Intel SGX SDK and Intel SGX Platform Software were also made available. Meanwhile lower severity issues were addressed in Intel’s SSD data-center tool for Windows, Intel NUC Firmware and Intel Optane SSD DC P4800:
If you use any of the affected software or products, please update them as soon as possible especially in the case of the PROSet/Wireless WiFi Software.
In the final week of January; Mozilla made available Firefox 65 and Firefox ESR (Extended Support Release) 60.5:
Firefox 65: Resolves 3x critical, 2x high and 2x moderate CVEs (defined)
Firefox 60.5: Resolves 2x critical and 1x high CVEs
Details of how to install updates for Firefox are here. If Firefox is your web browser of choice, if you have not already done so, please update it as soon as possible to benefit from the most recent improvements by Mozilla.
Wireshark 2.4.12 and 2.6.6
v2.4.12: 6 security advisories
v2.6.6: 4 security advisories
As per standard process Linux distributions can obtain this update using the operating systems standard package manager (if the latest version is not installed automatically using the package manager you can instead compile the source code (v2.6.6 or v2.4.12). This forum thread and this forum thread may also be helpful to you with installing Wireshark on your Linux based system.
For Mac OS X and Windows, the update is available within the downloads section of the Wireshark website. In addition, a detailed FAQ for Wireshark is available here.