Yesterday Microsoft and Adobe published their routine monthly updates resolving 62 and 3 vulnerabilities (more formally known as CVEs (defined)) respectively. More information is available from Microsoft’s monthly summary page and Adobe’s blog post.
Microsoft’s updates also come with a list of Known Issues that will be resolved in future updates. They are listed below for your reference:
KB4467702 (file type association issue to be resolved later in November 2018)
As summarized above; Adobe issued 3 updates for the following products:
Adobe Flash Player: Priority 2: Resolves 1x Important CVE
Adobe Photoshop CC: Priority 3: Resolves 1x Important CVE
As per standard practice if you use any of the above Adobe software, please update it as soon as possible especially in the case of Acrobat DC and Reader DC due to the public proof of concept code released.
You can monitor the availability of security updates for most your software from the following websites (among others) or use one of the utilities presented on this page:
US Computer Emergency Readiness Team (CERT) (please see the “Information on Security Updates” heading of the “Protecting Your PC” page):
A further useful source of update related information is the Calendar of Updates.
News/announcements of updates in the categories of General Software, Security Software and Utilities are available on their website. The news/announcements are very timely and (almost always) contain useful direct download links as well as the changes/improvements made by those updates (where possible).
If you like and use it, please also consider supporting that entirely volunteer run website by donating.
For this month’s Microsoft updates, I will prioritize the order of installation below:
Microsoft Edge and Internet Explorer (multiple versions of Edge and IE affected)
Windows Deployment Services (if used within your organization)
Microsoft Office (11x CVEs + 3x further CVEs in Office SharePoint)
Please install the remaining updates at your earliest convenience.
As usual; I would recommend backing up the data on any device for which you are installing updates to prevent data loss in the rare event that any update causes unexpected issues. I have provided further details of updates available for other commonly used applications below.
Please find below summaries of other notable updates released this month.
Nvidia Graphics Drivers:
A low severity vulnerability (this is a local rather than a remotely exploitable vulnerability) with a CVSS V3 (defined) base score 2.2 had been found within Nvidia’s graphics card drivers (defined). At the time of writing no fix is yet available but will address it in a future driver release. Please monitor their security advisory for further updates.