Update: 13th August 2019
Earlier today Adobe and Microsoft released large collections of security updates. They resolve 119 and 93 vulnerabilities (respectively).
Adobe Character Animator: 1x Priority 3 vulnerability resolved (Important severity)
Adobe Premiere Pro CC: 1x Priority 3 vulnerability resolved (Important severity)
Adobe Prelude CC: 1x Priority 3 vulnerability resolved (Important severity)
Adobe Creative Cloud Application: 4x Priority 2 vulnerabilities resolved (2x Critical and 2 Important severity)
Adobe Acrobat and Reader: 76x Priority 2 vulnerabilities resolved (76x Important severity)
Adobe Experience Manager:1x priority 1 vulnerability resolved (1x Critical severity)
Adobe Photoshop CC: 34x priority 3 vulnerabilities resolved (22x Critical and 12x Important)
If you use any of these Adobe products, please apply the necessary updates as soon as possible especially for Adobe Acrobat/Reader, Photoshop CC and Experience Manager
This month’s list of Known Issues from Microsoft is available within their monthly summary page and applies to all currently supported operating systems. Not all issues have workarounds at this time. The up to date list is available from their summary page. For Windows 7, for customers with Symantec Antivirus or Norton Antivirus, a hold has been put on the updates from being offered in Windows Updates due to ”The Windows updates are blocked or deleted by the antivirus program during installation, which may then cause Windows to stop working or fail to start”. The Symantec article linked to at this time is a blank template.
US Computer Emergency Readiness Team (CERT) (please see the “Information on Security Updates” heading of the “Protecting Your PC” page):
A further useful source of update related information is the Calendar of Updates.
News/announcements of updates in the categories of General Software, Security Software and Utilities are available on their website. The news/announcements are very timely and (almost always) contain useful direct download links as well as the changes/improvements made by those updates (where possible).
If you like and use it, please also consider supporting that entirely volunteer run website by donating.
For this month’s Microsoft updates, I will prioritize the order of installation below:
Microsoft Remote Desktop Services (RDS): CVE-2019-1181 CVE-2019-1182 CVE-2019-1222, and CVE-2019-1226
Scripting Engine CVE-2019-1133
LNK Remote Code Execution Vulnerability CVE-2019-1188
Windows VBScript Engine CVE-2019-1183
Please install the remaining updates at your earliest convenience.
As per standard best practice; I would recommend backing up the data on any device for which you are installing updates to prevent data loss in the rare event that any update causes unexpected issues.
I have provided further details of updates available for other commonly used applications below.
VMware earlier this month released a security advisory to resolve 2 Important severity vulnerabilities within the following products:
VMware vSphere ESXi (ESXi)
VMware Workstation Pro / Player (Workstation)
VMware Fusion Pro / Fusion (Fusion)
An attacker could leverage the vulnerability CVE-201-5521 (from the above linked to advisory) to also exploit CVE-2019-5684 to exploit Nvidia’s GPU driver (see below) to gain arbitrary code execution on a system.
If you use the above VMware products particularly with a Nvidia GPU, please review the advisory and apply the necessary updates.
Nvidia late last week issued a related security advisory to that of the above VMware advisory. Nvidia’s advisory resolves 5 locally exploitable vulnerabilities meaning that an attacker would first need to compromise your system before exploiting the vulnerabilities to elevate their privileges (defined). The steps to install the drivers are located here. If you use affected Nvidia graphics cards, please consider updating your drivers (defined) to the most recent available.
Canon Digital Cameras PTP (Picture Transfer Protocol) Vulnerabilities
Canon digital cameras utilising this protocol are potentially vulnerable to a complete takeover of the device while connected to a host PC or a hijacked mobile device.
As per this Canon advisory, please ensure your camera is using the most recent firmware update and that you follow the workarounds listed in the above advisory.
Software Updates for HP , Lexmark, Kyocera , Brother , Ricoh and Xerox Printers
The following links details the vulnerabilities found by security researchers within these printers and link to the relevant software updates:
Security Updates for Corporate and Consumer 4G Modems
G Richter a security researcher from Pen Test Partners disclosed the following vulnerabilities during DEF CON:
MF910 and MF65+ Advisory
8 HTTP/2 DoS (defined) vulnerabilities have been responsibly disclosed by Netflix and Google. According to CloudFlare these vulnerabilities are already being exploited “We have detected and mitigated a handful of attacks but nothing widespread yet”.
Please review the affected vendors matrix within the following CERT advisory and apply the necessary updates: