Yesterday Microsoft and Adobe made available their scheduled security updates. Microsoft addressed 74 vulnerabilities (more formally known as CVEs), with Adobe resolving 42 vulnerabilities.
Adobe Acrobat and Reader: 21x priority 2 vulnerabilities (11x Critical and 10x Important severity)
Adobe Flash: 2x priority 2 vulnerabilities (1x Critical and 1x Important severity)
Adobe Shockwave Player: 7x priority 2 vulnerabilities (7x Critical severity)
Adobe Dreamweaver: 1x priority 3 vulnerability (Moderate severity)
Adobe XD: 2x priority 3 vulnerabilities (2x Critical severity)
Adobe InDesign: 1x priority 3 vulnerability (Critical severity)
Adobe Experience Manager Forms: 1x priority 2 vulnerability (Important severity)
Adobe Bridge CC: 8x priority CVEs (2x Critical, 6x Important)
If you use Acrobat/Reader, Flash or Shockwave, please apply the necessary updates as soon as possible. Please install their remaining priority 2 and 3 updates when you can.
Please note: as per Adobe’s notice, Shockwave Player has now reached its end of life. No further updates will be made available.
For Microsoft, this month’s list of Known Issues is available within their monthly summary page and applies to all currently supported operating systems. However, all issues have at least 1 workaround:
4487563 Microsoft Exchange Server 2019, 2016, and 2013
4491413 Update Rollup 27 for Exchange Server 2010 Service Pack 3
4493441 Windows 10 version 1709, Windows Server Version 1709
4493446 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
4493448 Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Security-only update)
4493450 Windows Server 2012 (Security-only Rollup)
4493451 Windows Server 2012 (Monthly Rollup)
4493458 Windows Server 2008 Service Pack 2 (Security-only update)
4493464 Windows 10 version 1803, Windows Server Version 1803
4493467 Windows 8.1, Windows Server 2012 R2 (Security-only update)
4493470 Windows 10 version 1607, Windows Server 2016
4493471 Windows Server 2008 Service Pack 2 (Monthly Rollup)
4493472 Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Monthly Rollup)
4493474 Windows 10 version 1703
4493509 Windows 10 version 1809, Windows Server 2019
4493730 Windows Server 2008 SP2
4493435 Internet Explorer Cumulative Update
You can monitor the availability of security updates for most of your software from the following websites (among others) or use one of the utilities presented on this page:
US Computer Emergency Readiness Team (CERT) (please see the “Information on Security Updates” heading of the “Protecting Your PC” page):
A further useful source of update related information is the Calendar of Updates.
News/announcements of updates in the categories of General Software, Security Software and Utilities are available on their website. The news/announcements are very timely and (almost always) contain useful direct download links as well as the changes/improvements made by those updates (where possible).
If you like and use it, please also consider supporting that entirely volunteer-run website by donating.
For this month’s Microsoft updates, I would prioritize installation in the following order:
Win32k: CVE-2019-0803, CVE-2019-0859 (both are being actively exploited in the wild)
Microsoft Graphics Component (GDI+): CVE-2019-0853
Microsoft Windows IOleCvt Interface: CVE-2019-0845
Microsoft Windows SMB Server: CVE-2019-0786
Please install the remaining updates at your earliest convenience.
As per standard best practice, I would recommend backing up the data on any device for which you are installing updates to prevent data loss in the rare event that any update causes unexpected issues. I have provided further details of updates available for other commonly used applications below.
As noted in the March Update Summary post (due to a critical regression in the version that was released in March), Notepad++ 7.6.6 was released to resolve a critical regression in 7.6.5 which caused Notepad++ to crash. Version 7.6.5 resolved a further 6 security vulnerabilities.
If you use Notepad++, please update to the newest version to benefit from these reliability and security fixes.
Wireshark 3.0.1 and 2.6.8
v3.0.1: 10 security advisories
v2.6.8: 6 security advisories
As per standard process, Linux distributions can obtain this update using the operating system’s standard package manager. If the latest version is not installed automatically using the package manager, you can instead compile the source code (v3.0.1 or v2.6.8). This forum thread and this forum thread may also be helpful to you with installing Wireshark on your Linux-based system.