Note to my readers:
Due to professional commitments over the last several weeks and for the next 2 weeks, updates and new content to this blog have been and will be delayed. I’ll endeavour to return to a routine manner of posting as soon as possible.
Earlier today Microsoft and Adobe released their monthly security updates. Microsoft resolved 79 vulnerabilities (more formally known as CVEs (defined)), with Adobe addressing 87 vulnerabilities.
Adobe Flash: 1x priority 2 vulnerability (1x Critical severity)
Adobe Media Encoder: 2x priority 3 vulnerabilities (1x Critical severity and 1x Important severity)
If you use Acrobat/Reader or Flash, please apply the necessary updates as soon as possible. Please install their remaining priority 3 update when time allows.
For Microsoft, this month’s list of Known Issues is available within their monthly summary page and applies to all currently supported operating systems. All issues, however, have at least 1 workaround:
4493730 Windows Server 2008 Service Pack 2 (Servicing Stack Update)
4494440 Windows 10, version 1607, Windows Server 2016
4494441 Windows 10, version 1809, Windows Server 2019
4497936 Windows 10, version 1903
4498206 Internet Explorer Cumulative Update
4499151 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
4499154 Windows 10
4499158 Windows Server 2012 (Security-only update)
4499164 Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1
4499165 Windows 8.1, Windows Server 2012 R2 (Security-only update)
4499167 Windows 10, version 1803
4499171 Windows Server 2012 (Monthly Rollup)
4499179 Windows 10, version 1709
4499180 Windows Server 2008 Service Pack 2 (Security-only update)
4499181 Windows 10, version 1703
US Computer Emergency Readiness Team (CERT) (please see the “Information on Security Updates” heading of the “Protecting Your PC” page):
A further useful source of update related information is the Calendar of Updates.
News/announcements of updates in the categories of General Software, Security Software and Utilities are available on their website. The news/announcements are very timely and (almost always) contain useful direct download links as well as the changes/improvements made by those updates (where possible).
If you like and use it, please also consider supporting that entirely volunteer run website by donating.
For this month’s Microsoft updates, I will prioritize the order of installation below:
Windows RDP: CVE-2019-0708 (also includes an update for Windows Server 2003 and Windows XP)
Scripting Engine: CVE-2019-0924, CVE-2019-0927, CVE-2019-0922, CVE-2019-0884, CVE-2019-0925, CVE-2019-0937, CVE-2019-0918, CVE-2019-0913, CVE-2019-0912, CVE-2019-0911, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917
Windows DHCP Server: CVE-2019-0725
Microsoft Word: CVE-2019-0953
Microsoft Graphics Component: CVE-2019-0903
Windows Error Reporting: CVE-2019-0863
For the Intel Microarchitectural Data Sampling (MDS) vulnerabilities, please follow the advice of Intel and Microsoft within their advisories. A more thorough list of affected vendors is available from here.
Please install the remaining updates at your earliest convenience.
As per standard best practice, I would recommend backing up the data on any device for which you are installing updates to prevent data loss in the rare event that any update causes unexpected issues. I have provided further details of updates available for other commonly used applications below.
Nvidia Graphics Drivers:
3 security vulnerabilities, the most severe having a CVSS V3 (defined) base score of 7.7, have been resolved within Nvidia’s graphics card drivers (defined) in May. These vulnerabilities affect Windows only. All 3 are local rather than remote vulnerabilities, meaning that an attacker would first need to compromise your system before exploiting the Nvidia vulnerabilities to elevate their privileges. The steps to install the drivers are located here. If you use an affected Nvidia graphics card, please consider updating your drivers to the most recent available.
VMware has released the following security advisories:
Security Advisory 2: Addresses 4x vulnerabilities present in Workstation Pro and the products listed below. Please make certain to install Intel microcode updates as they become available for your systems, in addition to these VMware updates:
VMware vCenter Server (VC)
VMware vSphere ESXi (ESXi)
VMware Fusion Pro / Fusion (Fusion)
vCloud Usage Meter (UM)
Identity Manager (vIDM)
vCenter Server (vCSA)
vSphere Data Protection (VDP)
vSphere Integrated Containers (VIC)
vRealize Automation (vRA)
If you use the above VMware products, please review the security advisories and apply the necessary updates.