I hope this posts finds you doing well in these difficult times.
I’m writing this post early to highlight the availability of 2 important updates, for Mozilla Firefox and Google Chrome. I’ll update the post when Adobe and Microsoft release their expected security updates.
Thank you and please stay safe.
Update: 19th May 2020
Sorry for not updating this post sooner.
As scheduled both Adobe and Microsoft released their monthly security updates addressing 36 vulnerabilities and 111 vulnerabilities (respectively). These vulnerabilities are more formally known as CVEs (defined).
Adobe’s updates for this month are as following:
Adobe DNG Software Development Kit (SDK): 12x Priority 3 CVEs resolved (4x Critical and 8x Important severity)
Adobe have since released further security updates:
Adobe Audition: 1x Priority 3 CVE resolved (1x Important severity)
Adobe Character Animator: 1x Priority 3 CVE resolved (1x Critical severity)
Adobe Premiere Pro: 1x Priority 3 CVE resolved (1x Important severity)
Adobe Premiere Rush: 1x Priority 3 CVE resolved (1x Important severity)
If you use the above Adobe products, please install these updates as soon as possible since they resolve multiple critical vulnerabilities. Similar to January, March and April no updates for Adobe Flash were released.
A further useful source of update related information is the US Computer Emergency Readiness Team (CERT) (please see the “Information on Security Updates” heading of the “Protecting Your PC” page):
As always for this month’s Microsoft updates, I will prioritize the order of installation below:
Windows Graphics Component: CVE-2020-1135
Microsoft Internet Explorer: CVE-2020-1062
VBScript Remote Code Execution Vulnerability: CVE-2020-1035
Windows Media Foundation: CVE-2020-1126
Microsoft Color Management: CVE-2020-1117
Windows Print Spooler: CVE-2020-1048
Microsoft Windows Transport Layer Security Denial of Service Vulnerability: CVE-2020-1118
Please install the remaining updates at your earliest convenience.
As per standard best practice, I would recommend backing up the data on any device for which you are installing updates to prevent data loss in the rare event that any update causes unexpected issues.
I have also provided further details of updates available for other commonly used applications and devices below.
To all of my readers and your families, I hope you are staying safe during these challenging times. Thank you.
In the first week of May, Mozilla released Firefox 76 and Firefox ESR (Extended Support Release) 68.8 to resolve the following vulnerabilities:
Firefox 76.0: Addresses 3x critical severity CVEs, 2x high severity CVEs, 4x moderate CVEs and 1x low CVE
Firefox 68.8 ESR: Addresses 3x critical severity CVEs, 2x high severity CVEs and 2x moderate severity CVEs
Firefox 76 introduces a new password manager (with the ability to generate difficult to guess passwords) which includes a means of detecting if a password was part of a password breach and now requires changing or the use of the same password on multiple websites.
An improved picture in picture experience is also included. Firefox 76.0.1 has since been released resolving non-security issues such as crashing add-ons e.g. the Amazon Assistant extension and crashing with Nvidia GPU drivers on Windows 7 32 bit (my thanks to Bogdan Popa of Softpedia.com and Mozilla for this information).
Early last week, Google released Chrome version 81.0.4044.138 for Linux, Mac and Windows to resolve 3 security vulnerabilities with the most severe 2 issues being of high severity.
Google Chrome updates automatically and will apply the update the next time Chrome is closed and then re-opened. Chrome can also be updated immediately by clicking the Options button (it looks like 3 vertically stacked dots) in the upper right corner of the window and choosing “About Google Chrome” from the menu. Follow the prompt to Re-launch Chrome for the updates to take effect.
VMware released 3 security advisories this month to resolve vulnerabilities within the following products:
VMware vRealize Operations Application Remote Collector (ARC)
VMware Cloud Director
VMware Workstation Pro / Player (Workstation)
VMware Fusion Pro / Fusion (Fusion)
VMware Remote Console for Mac (VMRC for Mac)
VMware Horizon Client for Mac
If you use any of the above products, please review the above advisories and install the applicable security updates as soon as possible.