Tag Archives: Microsoft Edge

January 2019 Update Summary

====================
Updated: 9th January 2019
====================
Happy New Year to all of my readers. Thanks very much.

Today Microsoft made available monthly updates resolving 47 vulnerabilities (more formally known as CVEs (defined)) respectively. Further details are available from Microsoft’s monthly summary page.

Separately Adobe released out of band (unscheduled) updates last week for Acrobat 2017 and Acrobat DC/Acrobat DC. These updates address 2x critical CVEs.

Other updates released today are as follows:
Adobe Connect: 1x priority 3 CVE resolved
Adobe Digital Editions: 1x priority 3 CVE resolved
Adobe Flash Player: reliability/performance update only

While the Flash Player update is a non-security update it’s likely Adobe chose to release it via the usual channels since it’s what people are familiar with and it helps to get updates out sooner.

Similar to last month; Microsoft’s updates come with a long list of Known Issues that will be resolved in future updates. They are listed below for your reference:

KB4468742
KB4471389
KB4480116
KB4480961
KB4480962
KB4480963
KB4480966
KB4480970
KB4480973
KB4480975
KB4480978

You can monitor the availability of security updates for most your software from the following websites (among others) or use one of the utilities presented on this page:

====================
US Computer Emergency Readiness Team (CERT) (please see the “Information on Security Updates” heading of the “Protecting Your PC” page):

https://www.us-cert.gov/

A further useful source of update related information is the Calendar of Updates.

News/announcements of updates in the categories of General SoftwareSecurity Software and Utilities are available on their website. The news/announcements are very timely and (almost always) contain useful direct download links as well as the changes/improvements made by those updates (where possible).

If you like and use it, please also consider supporting that entirely volunteer run website by donating.

====================
For this month’s Microsoft updates, I will prioritize the order of installation below:
====================
Windows DHCP Client (Further details here)

Microsoft Edge and Internet Explorer (multiple versions of Edge and IE affected)(please also remember last months’s Internet Explorer update).

Microsoft Hyper-V (CVE-2019-0550 and CVE-2019-0551)

Microsoft Exchange (CVE-2019-0586)(Further details here)
====================
Please install the remaining updates at your earliest convenience.

As usual; I would recommend backing up the data on any device for which you are installing updates to prevent data loss in the rare event that any update causes unexpected issues. I have provided further details of updates available for other commonly used applications below.

Please find below summaries of other notable updates released this month.

Thank you.

====================
Intel Security Advisories:
====================
Intel have released a series of security advisories so far this month. Of highest priority is the advisory for their Intel PROSet/Wireless WiFi Software to resolve a high severity CVSS Base Score 7.8 vulnerability. The security advisory affects many of their WiFi adapters.

Further important updates for their System Support Utility and Intel SGX SDK and Intel SGX Platform Software were also made available. Meanwhile lower severity issues were addressed in Intel’s SSD data-center tool for Windows, Intel NUC Firmware and Intel Optane SSD DC P4800:

If you use any of the affected software or products, please update them as soon as possible especially in the case of the PROSet/Wireless WiFi Software.

December 2018 Update Summary

====================
Update: 3rd January 2019
====================
Apologies for the delay.

Microsoft made available an out of band (un-scheduled) security update available for Internet Explorer on the 19th of December. This vulnerability is being actively exploited; thus if you have not already done, please update your Windows systems. All supported Windows Server and consumer versions of Windows are affected. The full table of affected Windows versions is available here from Microsoft.

For Lenovo laptops running Windows 10 Version 1607 with less than 8 GB of system memory (RAM); Microsoft has provided the following workarounds since this new security update inadvertently causes these systems to be unbootable:

====================
Restart the affected machine using the Unified Extensible Firmware Interface (UEFI). Disable Secure Boot and then restart.

If BitLocker is enabled on your machine, you may have to go through BitLocker recovery after Secure Boot has been disabled.

Microsoft is working with Lenovo and will provide an update in an upcoming release.
====================

Thank you.

====================
Original Post:
====================
Earlier today Microsoft and Adobe made available monthly updates addressing 39 vulnerabilities and 88 vulnerabilities (more formally known as CVEs (defined)) respectively. As always; more information is available from Microsoft’s monthly summary page and Adobe’s blog post.

While Adobe’s update addresses a large number of vulnerabilities; Microsoft’s released updates are fewer in overall vulnerabilities and should be considered light when compared to some months this year. If you use Adobe Flash Player, if you have not already done so; please ensure it is up to date (version 32.0.0.101). They addressed a zero day (defined) vulnerability with that update earlier this month which was in use by an APT group (defined in this context it is an organised group making use of zero day vulnerabilities).

Unfortunately; Microsoft’s updates also come with a list of Known Issues that will be resolved in future updates. They are listed below for your reference:

KB4471318: Windows 7 SP1 and Windows Server 2008 R2 SP1 : Workaround provided

KB4471321 : Windows 10, Version 1607Windows Server 2016 : resolutions are in progress

KB4471324 Windows 10, Version 1803 : resolution in progress

KB4471327 : Windows 10, Version 1703 : resolution in progress

KB4471329 Windows 10, Version 1709 : resolution in progress

As briefly mentioned above Adobe issued updates for Adobe Acrobat and Reader:

Adobe Acrobat and ReaderPriority 2: Resolves 40x Critical CVEs ands 48x Important CVEs

If you use Adobe Acrobat or Reader, please update it as soon as possible especially given the large number of critical vulnerabilities that were patched.

You can monitor the availability of security updates for most your software from the following websites (among others) or use one of the utilities presented on this page:

====================
US Computer Emergency Readiness Team (CERT) (please see the “Information on Security Updates” heading of the “Protecting Your PC” page):

https://www.us-cert.gov/

A further useful source of update related information is the Calendar of Updates.

News/announcements of updates in the categories of General SoftwareSecurity Software and Utilities are available on their website. The news/announcements are very timely and (almost always) contain useful direct download links as well as the changes/improvements made by those updates (where possible).

If you like and use it, please also consider supporting that entirely volunteer run website by donating.

====================
For this month’s Microsoft updates, I will prioritize the order of installation below:
====================
Microsoft Edge and Internet Explorer (multiple versions of Edge and IE affected)

CVE-2018-8611 : Windows Kernel (defined) (this vulnerability is already being exploited)

====================
Please install the remaining updates at your earliest convenience.

As usual; I would recommend backing up the data on any device for which you are installing updates to prevent data loss in the rare event that any update causes unexpected issues. I have provided further details of updates available for other commonly used applications below.

Please find below summaries of other notable updates released this month.

Thank you.

=======================
Mozilla Firefox
=======================
Also earlier today Mozilla made available security updates for Firefox and Firefox ESR (Extended Support Release):

Firefox 64: Resolves 2x critical CVEs (defined), 5x high CVEs, 3x moderate CVEs and 1x low CVE

Firefox ESR 60.4: Resolves 1x critical CVE, 4x high CVEs and 1x low CVE.

Further details of the security issues resolved by these updates are available in the links above. Details of how to install updates for Firefox are here. If Firefox is your web browser of choice, if you have not already done so, please update it as soon as possible to resolve these security issues.

Update:
Separately; Firefox 64 now includes small pop-ups known as “snippets” which turned out to be an experiment by Mozilla. If you wish to turn them off; the steps are available here.

Meanwhile extension recommendations within Firefox 64 can be disabled using these steps.

=======================
Google Chrome:
=======================
Google released Google Chrome version 71.0.3578.80 to address 43 vulnerabilities.

Google Chrome updates automatically and will apply the update the next time Chrome is closed and then re-opened. Chrome can also be updated immediately by clicking the Options button (it looks like 3 stacked small horizontal lines, sometimes called a “hamburger” button) in the upper right corner of the window and choosing “About Google Chrome” from the menu. Follow the prompt to Re-launch Chrome for the updates to take effect.

November 2018 Update Summary

Yesterday Microsoft and Adobe published their routine monthly updates resolving 62 and 3 vulnerabilities (more formally known as CVEs (defined)) respectively. More information is available from Microsoft’s monthly summary page and Adobe’s blog post.

Microsoft’s updates also come with a list of Known Issues that will be resolved in future updates. They are listed below for your reference:

KB4467691

KB4467696

KB4467686

KB4467702 (file type association issue to be resolved later in November 2018)

KB4467107

As summarized above; Adobe issued 3 updates for the following products:

Adobe Acrobat and Reader: Priority 1: Resolves 1x Important CVE (see also this page for a Windows 10 additional mitigation)

Adobe Flash Player: Priority 2: Resolves 1x Important CVE

Adobe Photoshop CC: Priority 3: Resolves 1x Important CVE

As per standard practice if you use any of the above Adobe software, please update it as soon as possible especially in the case of Acrobat DC and Reader DC due to the public proof of concept code released.

You can monitor the availability of security updates for most your software from the following websites (among others) or use one of the utilities presented on this page:

====================
US Computer Emergency Readiness Team (CERT) (please see the “Information on Security Updates” heading of the “Protecting Your PC” page):

https://www.us-cert.gov/

A further useful source of update related information is the Calendar of Updates.

News/announcements of updates in the categories of General SoftwareSecurity Software and Utilities are available on their website. The news/announcements are very timely and (almost always) contain useful direct download links as well as the changes/improvements made by those updates (where possible).

If you like and use it, please also consider supporting that entirely volunteer run website by donating.

====================
For this month’s Microsoft updates, I will prioritize the order of installation below:
====================
Microsoft Edge and Internet Explorer (multiple versions of Edge and IE affected)

Windows Kernel (a zero day (defined) vulnerability in Windows Server 2008, Server 2008 R2 and Windows 7)

Microsoft Dynamics 365

Windows Deployment Services (if used within your organization)

Microsoft Office (11x CVEs + 3x further CVEs in Office SharePoint)

Windows VBScript

Microsoft Graphics Component

Microsoft Bitlocker

====================
Please install the remaining updates at your earliest convenience.

As usual; I would recommend backing up the data on any device for which you are installing updates to prevent data loss in the rare event that any update causes unexpected issues. I have provided further details of updates available for other commonly used applications below.

Please find below summaries of other notable updates released this month.

Thank you.

=======================
Nvidia Graphics Drivers:
=======================
A low severity vulnerability (this is a local rather than a remotely exploitable vulnerability) with a CVSS V3 (defined) base score 2.2 had been found within Nvidia’s graphics card drivers (defined). At the time of writing no fix is yet available but will address it in a future driver release. Please monitor their security advisory for further updates.

TLS 1.0 and 1.1 Upcoming End of Support Announced

Early last week saw a coordinated effort from almost major browser vendor to follow the guidelines of the PCI-DSS standard and to end support for TLS 1.0 and 1.1

Why should this change be considered relevant?
Each of the browser vendors have worked together to create a definite timeline (starting in 2020 and complete by July 2020) for the end of support of these now obsolete security protocols. TLS 1.0 is almost 20 years old and is no longer PCI-DSS compliant.  Separately TLS 1.1 is more than 10 years old. They both contain known vulnerabilities e.g. BEAST (an attack), DROWN or FREAK (both downgrade attacks) etc. use insecure hash functions (e.g. MD5 and SHA-1) and receive very little use today:

0.4% from Apple Safari (<0.36% for all connections) (Source: WebKit)

0.5% for Google Chrome (Source: Google)

1.2% of Firefox Beta 62 during the time August-September 2018 (Source: Mozilla)

0.72% for Microsoft Edge (Source: Microsoft)

More modern standard e.g. TLS 1.2 offers improved performance when used with HTTP/2 and are PCI-DSS compliant. Moreover, it doesn’t suffer from all of the vulnerabilities affecting prior versions and includes stronger alternatives to older hash functions e.g. ECDHE_RSA_WITH_AES_128_GCM_SHA256 .

What does the future hold?
Following the recent deprecation of any standard of TLS older than 1.2 on the 30th of June this year due to the mandate set by the PCI Security Standard Council has steadily seen the increase of the recently ratified TLS 1.3 (in April 2018) but defined within (Request for Comments) RFC 8446 in August. This is in part due to a change by Mozilla to Firefox in April and the adoption of the newest standard by some popular websites e.g.:

Google’s Gmail (although the newer standard isn’t always enabled)

https://www.bleepingcomputer.com/

https://www.securityweek.com/

https://nakedsecurity.sophos.com

https://www.theregister.co.uk/

https://www.wordpress.com (which also includes this blog you are reading!)

The OpenSSL Foundation added full TLS 1.3 support to their popular cryptographic library OpenSSL with the release of version 1.1.1 in September 2018. OpenSSL are further driving adoption of the newest standard by ending support for the current long term support (LTS) version 1.0.2 by the end of 2019 (with it only receiving security updates after the 31st December 2018).

The increase in traffic is best illustrated by Mozilla showing approaching 6% usage for Firefox Beta 62 during the time August-September 2018. Such an increase is really good news for the security of the Internet specifically any online service that requests personal information and e-commerce websites in particular.

For more information on which web browsers support TLS 1.3, please see this link with a table from Salesforce illustrating browser support for TLS 1.2 here.

Thank you.

October 2018 Update Summary

Earlier today Microsoft resolved 49 vulnerabilities more formally known as CVEs (defined).

At the time of writing; there are known issues with the Windows 7 NIC being an issue again this month:

4459266 : Can be resolved by installed the Microsoft Exchange update with administrative (defined) privileges.

4462917 : No workaround at this time.

4462923 : Workaround available.

As always; further details are available in Microsoft’s update summary for October. Moreover, Adobe issued 4 updates today patching the following products:
Adobe Digital Editions (priority 3, resolves 4x critical and 5x important CVEs)

Adobe Experience Manager (priority 2. 3x important and 2x moderate CVEs)

Adobe Framemaker (priority 3, resolves 1x important CVE)

Adobe Technical Communications Suite (priority 3, resolves 1x important CVE)

Earlier this month Adobe released updates for Acrobat DC and Reader DC resolving 86 CVEs (47x critical and 39x important). These were in addition to the updates made available in September (which resolved 1x critical and 6 important CVEs).

As per standard practice if you use any of the above Adobe software, please update it as soon as possible especially in the case of Acrobat DC and Reader DC. No updates for Flash Player have been distributed so far this month.

You can monitor the availability of security updates for most your software from the following websites (among others) or use one of the utilities presented on this page:

====================
US Computer Emergency Readiness Team (CERT) (please see the “Information on Security Updates” heading of the “Protecting Your PC” page):

https://www.us-cert.gov/

A further useful source of update related information is the Calendar of Updates.

News/announcements of updates in the categories of General SoftwareSecurity Software and Utilities are available on their website. The news/announcements are very timely and (almost always) contain useful direct download links as well as the changes/improvements made by those updates (where possible).

If you like and use it, please also consider supporting that entirely volunteer run website by donating.

====================
For this month’s Microsoft updates, I will prioritize the order of installation below:
====================
Microsoft Edge and Internet Explorer (multiple versions of Edge and IE affected)

2x vulnerabilities  affecting Microsoft Hyper-V (affects Windows 10, Windows 8.1 (including Windows RT 8.1) and Windows 7 along with their Server equivalents)(the links above provide details on both vulnerabilities)

Microsoft JET database (resolved by installing the latest cumulative update for your version of Windows: Windows 10; Windows 8.1 or Windows 7.

Microsoft Exchange Server 2016, 2013 and 2010

====================
Please install the remaining updates at your earliest convenience.

As usual; I would recommend backing up the data on any device for which you are installing updates to prevent data loss in the rare event that any update causes unexpected issues. I have provided further details of updates available for other commonly used applications below.

Please find below summaries of other notable updates released this month.

Thank you.

=======================
Mozilla Firefox:
=======================
In early September Mozilla made available updated versions of Firefox:

Firefox 62.0.3: Resolves 2x critical CVEs (defined)

Firefox ESR 60.2.2 (Extended Support Release): Resolves 2x critical CVEs

Details of how to install updates for Firefox are here. If Firefox is your web browser of choice, if you have not already done so, please update it as soon as possible to resolve these security issues.

=======================
VMware
=======================
VMWare has issued 2 security advisories so far for October:

Security advisory 1 (addresses 1 critical vulnerability) in the following products:

  • AirWatch Console 9.1 to 9.7

Security advisory 2 (addresses 1 important vulnerability via a mitigation) in the following products:

  • ESXI
  • Fusion
  • Workstation Pro

If you use the above VMware products, please review the security advisories and apply the necessary updates/mitigations.

September 2018 Update Summary

=======================
Update: 11th September 2018:
=======================
Earlier today Microsoft and Adobe made available their scheduled updates. Microsoft resolved 61 vulnerabilities more formally known as CVEs (defined).

At the time of writing; there are known issues but with only the now commonly occurring Windows 7 NIC being an issue this month:

KB4457128

KB4457144

KB4458321

Further details are available in Microsoft’s update summary for September.

Adobe issued 2 updates today:

Adobe ColdFusion (priority 2, resolves 6x critical CVEs)
Adobe Flash (priority 2, resoles 1x CVE)

As per standard practice if you use any of the above Adobe software, please update it as soon as possible especially in the case of Flash. Updates for Google Chrome will be available shortly either via a browser update or their component updater.

You can monitor the availability of security updates for most your software from the following websites (among others) or use one of the utilities presented on this page:

====================
US Computer Emergency Readiness Team (CERT) (please see the “Information on Security Updates” heading of the “Protecting Your PC” page):

https://www.us-cert.gov/

A further useful source of update related information is the Calendar of Updates. News/announcements of updates in the categories of General SoftwareSecurity Software and Utilities are available on their website. The news/announcements are very timely and (almost always) contain useful direct download links as well as the changes/improvements made by those updates (where possible).

If you like and use it, please also consider supporting that entirely volunteer run website by donating.

====================
For this month’s Microsoft updates, I will prioritize the order of installation below:
====================
Microsoft Edge and Internet Explorer (multiple versions of Edge and IE affected)

Microsoft Hyper-V (affects Windows 10 and Windows 8.1 (including Windows RT 8.1) and their Server equivalents)

Windows Task Scheduler (relating to a previous blog post)

Security advisory for “FragmentSmack” CVE-2018-5391

====================
Please install the remaining updates at your earliest convenience.

As usual; I would recommend backing up the data on any device for which you are installing updates to prevent data loss in the rare event that any update causes unexpected issues. I have provided further details of updates available for other commonly used applications below.

Please find below summaries of other notable updates released this month.

Thank you.

=======================
Original Post:
=======================
In advance of further updates being released by Microsoft and Adobe this month I wish to provide details of notable updates made available so far. I will update this post as more updates are distributed.

Thank you.

=======================
Mozilla Firefox:
=======================
In early September Mozilla made available updated versions of Firefox:

Firefox 62: Resolves 1x critical CVE (defined), 3x high CVEs, 2x moderate CVEs, 3x low CVEs

Firefox ESR 60.2 (Extended Support Release): Resolves 1x critical CVE, 2x high CVEs, 2x moderate CVEs and 1x low CVE.

Further discussion of the other features introduced by Firefox 62 is available here. In the future Firefox will block multiple trackers which will boost privacy for it’s users. Future versions will implement these changes.

In-depth details of the security issues resolved by these updates are available in the links above. Details of how to install updates for Firefox are here. If Firefox is your web browser of choice, if you have not already done so, please update it as soon as possible to resolve these security issues.

=======================
Google Chrome:
=======================
Last week Google released version 69 (specifically version 69.0.3497.81) of Chrome celebrating Chrome’s 10th anniversary. This version not only incorporates fixes for 40 vulnerabilities but also includes many more improvements. Among them are an improved password manager/form filler and a change in how secured (encrypted) webpages are indicated.

Google Chrome updates automatically and will apply the update the next time Chrome is closed and then re-opened. Chrome can also be updated immediately by clicking the Options button (it looks like 3 stacked small horizontal lines, sometimes called a “hamburger” button) in the upper right corner of the window and choosing “About Google Chrome” from the menu. Follow the prompt to Re-launch Chrome for the updates to take effect.

=======================
VMware
=======================
VMWare has issued a single security advisory so far in September:

Security advisory 1 (addresses 2 vulnerabilities of Low severity):

  • AirWatch Agent for iOS (A/W Agent)
  • VMware Content Locker for iOS (A/W Locker)

If you use the above VMware product, please review the security advisory and apply the necessary updates.

August 2018 Update Summary

Today Microsoft released updates to resolve 63 vulnerabilities (more formally known as CVEs (defined)).

This month also brings a new set of vulnerabilities affecting only Intel CPUs. I detail these more thoroughly in a separate post. However high level details are provided below.

Compared to previous months updates these have a smaller list of known issues (most of which have workarounds). Links to the relevant knowledge base (KB) articles are provided below:

KB4340731

KB4340733

KB4343885

KB4343892

KB4343897

KB4343900

KB4343909

====================

Adobe also released update for the following products:

Adobe Acrobat and Reader DC (priority 2, 2x CVEs)

Adobe Creative Cloud Desktop (priority 3, 1x CVE)

Adobe Experience Manager (priority 2, 3x CVEs)

Adobe Flash (priority 2, 5x CVEs)

As always if you use any of the above Adobe software, please update it as soon as possible especially in the case of Flash and Acrobat DC/Reader DC. Updates for Google Chrome will be available shortly either via a browser update or their component updater.

Please also review the out of band updates for Photoshop CC and Creative Cloud Desktop and apply them if you use these products.

You can monitor the availability of security updates for most your software from the following websites (among others) or use one of the utilities presented on this page:
—————
US Computer Emergency Readiness Team (CERT) (please see the “Information on Security Updates” heading of the “Protecting Your PC” page):

https://www.us-cert.gov/

A further useful source of update related information is the Calendar of Updates. News/announcements of updates in the categories of General SoftwareSecurity Software and Utilities are available on their website. The news/announcements are very timely and (almost always) contain useful direct download links as well as the changes/improvements made by those updates (where possible).

If you like and use it, please also consider supporting that entirely volunteer run website by donating.

====================
For this month’s Microsoft updates, I will prioritize the order of installation below:

====================

Microsoft Edge and Internet Explorer (multiple versions of Edge and IE affected)

Windows Font Library

Malicious LNK File

Microsoft Exchange

Foreshadow (L1TF) Vulnerabilities: Allow information disclosure via speculative execution; are only locally executable (rather than remotely). This vulnerability may allow one virtual machine to improperly access information from another. More details in my dedicated blog post.

====================
Please install the remaining updates at your earliest convenience.

As usual; I would recommend backing up the data on any device for which you are installing updates to prevent data loss in the rare event that any update causes unexpected issues. I have provided further details of updates available for other commonly used applications below.

Please find below summaries of other notable updates released this month.

Thank you.

=======================
Nvidia Geforce Experience Software:
=======================
In late August, Nvidia released a security advisory for their Geforce Experience software for Windows. This update resolves 3 high severity vulnerabilities (as per their CVSS base scores). The necessary updates can be obtained from here.

=======================
VideoLAN VLC:
=======================
On the final day of August, VideoLAN made available VLC 3.0.4. This appears to be a security update for Apple macOS due to the following entries within the releases notes (however it is unclear if this overflow is exploitable by an attacker):

=======================
Text renderer:
* Fix head buffer overflow on macOS with some fonts
=======================

For Linux and Windows this version provides fixes numerous non-security issues. Please update to version 3.0.4 to benefit from these improvements.

=======================
Wireshark 2.4.9 and 2.6.3
=======================
v2.4.9: 3 security advisories

v2.6.3: 3 security advisories

As per standard process Linux distributions can obtain this update using the operating systems standard package manager (if the latest version is not installed automatically using the package manager you can instead compile the source code (v2.6.3) or v2.4.9). This forum thread and this forum thread may also be helpful to you with installing Wireshark on your Linux based system.

For Mac OS X and Windows, the update is available within the downloads section of the Wireshark website. In addition, a detailed FAQ for Wireshark is available here.

=======================
WinSCP:
=======================
In late August; WinSCP version 5.13.1 was released upgrading it’s embedded OpenSSL version to 1.0.2p (which addresses 2x low severity CVEs (Link1 and Link2).

=======================
OpenSSL
=======================
On the 12 June and 16th April 2018; the OpenSSL Foundation issued 2 updates for OpenSSL to address 2x low severity security vulnerabilities as detailed in these security advisories (Link1 and Link2). To resolve these issues please update your OpenSSL installations to 1.1.0i (released 14th August) or 1.0.2o (released 14th August) (as appropriate).

FTP mirrors to obtain the necessary downloads are available from here.

Downloadable Tarballs (compressed/packaged code made for distribution) are available from here.

It should also be possible to use the package manager of a Linux/Unix operating system to update your OpenSSL installation as mentioned within the section titled “Installing updates for Linux distributions” on the “Protecting Your PC” page of this blog.

=======================
VMware
=======================
VMWare issued two security advisories for the following products during August:

Security advisory 1 (addresses 1 vulnerability of Important severity):

  • VMware Horizon 6
  • VMware Horizon 7
  • VMware Horizon Client for Windows
  • VMware Horizon View Agent
  • VMware Horizon Agents Installer (HAI)

Security advisory 2 (addresses 1 vulnerability of Critical severity):

  • VMware Workstation Pro / Player (Workstation)
  • VMware Fusion Pro, Fusion (Fusion)

If you use the above VMware products, please review the security advisories and apply the necessary updates.