Apologies this notification is late due to my professional commitments.
As expected, on Tuesday 12th November Adobe and Microsoft made available their scheduled security updates. Adobe addressed 11 vulnerabilities with Microsoft also addressing 74 vulnerabilities more formally known as CVEs (defined).
Adobe Bridge CC: 2x Priority 3 CVEs resolved (2x Important severity)
Adobe Illustrator CC: 3x Priority 3 CVEs resolved (1x Critical severity and 2x Important severity)
Adobe Media Encoder: 5x Priority 3 CVEs resolved (1x Critical severity and 4x Important severity)
If you use the above Adobe products, please install these updates (especially in the case of the above critical vulnerabilities).
Within Microsoft’s monthly summary; there are Known Issues for 13 Microsoft products but all have workarounds or updates available to resolve them.
US Computer Emergency Readiness Team (CERT) (please see the “Information on Security Updates” heading of the “Protecting Your PC” page):
For this month’s Microsoft updates, I will prioritize the order of installation below:
Microsoft Graphics Component (Win32k Graphics): CVE-2019-1441
Microsoft Graphics Component (OpenType font Parsing): CVE-2019-1419
Microsoft Exchange Server: CVE-2019-1373
Windows Media Player: CVE-2019-1430
Please install the remaining less severe updates at your earliest convenience.
As per standard best practice; I would recommend backing up the data on any device for which you are installing updates to prevent data loss in the rare event that any update causes unexpected issues.
I have provided further details of updates available for other commonly used applications below.
Google Chrome updates automatically and will apply the update the next time Chrome is closed and then re-opened. Chrome can also be updated immediately by clicking the Options button (it looks like 3 vertically stacked dots) in the upper right corner of the window and choosing “About Google Chrome” from the menu. Follow the prompt to Re-launch Chrome for the updates to take effect.
Intel Security Advisories:
Intel have released a series of security advisories this month. The critical and high priority advisories are the following:
The remaining advisories are of medium priority:
2019.2 IPU – Intel® Processor Machine Check Error Advisory
If you use any of the affected software or products, please update them as soon as possible especially in the case of the critical and high severity advisories.
VMware made available two security advisories, one of Important severity and the other of Moderate severity to addresses vulnerabilities within the following products:
Important Severity Advisory:
VMware Workstation Pro / Player (Workstation)
VMware Fusion Pro / Fusion (Fusion)
Moderate Severity Advisory:
If you use the above VMware products, please review the advisories and apply the necessary updates.
In early November Nvidia made available Windows driver updates for their Geforce, Tesla and Quadro/NVS GPUs as well as their vGPU software (for Linux and Windows). All vulnerabilities are local vulnerabilities rather than remote meaning that an attacker would first need to compromise your system before exploiting the Nvidia vulnerabilities to elevate their privileges. The steps to install the drivers are located here. If you use the affected Nvidia graphics cards or software, please consider updating your drivers to the most recent available.
Further updates were made available for the NVFlash tool (not applicable to end users) and Nvidia Geforce Experience. To resolve the local vulnerabilities within Geforce Experience apply the necessary update by opening Geforce Experience which will automatically update it or the update can be obtained from here.