Earlier this month Microsoft closed out the year with a small number of security updates. They resolved 32 vulnerabilities. Further details are provided within Microsoft’s new Security Updates Guide.
Sorry for not posting this sooner; travelling for my job meant my time was much more limited.
No Known Issues were listed as occurring for this months update.
Meanwhile Adobe also completed their yearly updates with a single update for Flash Player resolving a single priority 2 CVE (defined).
You can monitor the availability of security updates for most your software from the following websites (among others) or use Secunia PSI:
US Computer Emergency Readiness Team (CERT) (please see the “Information on Security Updates” heading of the “Protecting Your PC” page):
A further useful source of update related information is the Calendar of Updates. News/announcements of updates in the categories of General Software, Security Software and Utilities are available on their website. The news/announcements are very timely and (almost always) contain useful direct download links as well as the changes/improvements made by those updates (where possible).
If you like and use it, please also consider supporting that entirely volunteer run website by donating.
For December Microsoft updates, I will prioritize the order of installation below:
Windows RRAS (Routing and Remote Access) Service Remote Code Execution Vulnerability
Please install the remaining updates at your earliest convenience.
As usual; I would recommend backing up the data on any device for which you are installing updates to prevent data loss in the rare event that any update causes unexpected issues.
VMware AirWatch Console and other VMware Products
A security advisory for VMware AirWatch Console to address a moderate security vulnerability was made available in December. A further security advisory to address 4 important vulnerabilities within the products listed below was also published:
- vCenter Server Appliance
Google Chrome updates automatically and will apply the update the next time Chrome is closed and then re-opened. Chrome can also be updated immediately by clicking the Options button (it looks like 3 stacked small horizontal lines, sometimes called a “hamburger” button) in the upper right corner of the window and choosing “About Google Chrome” from the menu. Follow the prompt to Re-launch Chrome for the updates to take effect.
Apple security updates:
During the first half of December Apple made available security updates for the following products:
Apple tvOS 11.2 and 11.2.1
Apple iOS 11.2 and 11.2.1
Apple watchOS 4.2
Apple Safari 11.0.2
Apple macOS High Sierra 10.13.2, Sierra and El Capitan
Apple iTunes 12.7.2 for Windows
AirPort Base Station Firmware Update 7.6.9 and AirPort Base Station Firmware Update 7.7.9
Apple iCloud for Windows 7.2
Please see these links from Apple for advice on backing up your iPhone and iPad. Advice for updating tvOS is available here while the steps for updating the Apple Watch are available here. Further details of these updates are available on Apple’s dedicated security updates page.
Mozilla Firefox and Firefox ESR
During December Mozilla released security updates for Firefox and Firefox ESR (Extended Support Release) raising their version numbers to 57.0.2 and 52.5.2 respectively.
- Firefox 57.0.2 resolves 1 CVE
- Firefox ESR 52.5.2 resolves 2 CVEs.
As always full details of the security issues resolved by these updates are available in the following links:
Details of how to install updates for Firefox are here. If Firefox is your web browser of choice, please update it as soon as possible to resolve these security issues.
In early December VideoLAN made available version 2.2.8 of VLC for Linux, Apple macOS and Windows. It addresses 4 security vulnerabilities (3 of which were addressed in 2.2.7). If you use VLC, please update as soon as possible to address the above mentioned security vulnerabilities as well as the general software bugs that were resolved.
In mid-December; WinSCP version 5.11.3 was released upgrading it’s embedded OpenSSL version to 1.0.2n (which addresses 1x moderate and 1x low severity CVEs).