September, 2019: Patch Monday: Light Month for 3rd Party Patches

Welcome to this September Patch Monday Bulletin. This is a lighter month with patches from Adobe, Google, and Mozilla. There were no known attacks on any products listed in this month’s bulletin. Start this month updates to Flash. Two critical arbitrary code execution vulnerabilities are remediated in Flash 32.0.0.255. This is considered a priority 2 Follow up by patching 3rd party browsers in your environment. Finally, review your environment for the presence of Mozilla Thunderbird and Adobe Application Manager.

Over the years we've had millions of visitors to UltimateWindowsSecurity.com. Every month we have thousands and thousands of visitors to our Security Log Encyclopedia which documents all of the Security Log event ID’s for Windows Server OS’s. Back in 2007 when SharePoint added auditing capability, I realized that my audience not only needed the event information from SharePoint but I also found a similar need in SQL Server and Exchange. So not only did I document the data but I also started to develop the means to extract that event data from these applications so that it’s accessible and useable to the end user. Some 8 years later and LOGbinder is continuing to grow as companies realize LOGbinder bridges the gap between these applications and their infosec team. Visit LOGbinder.com to download a free 30-day fully functional trial and see the security event data that you have literally been missing.

So, without further ado, here’s the chart of non-MS patches that affect Windows platforms in the past month.

Patch data provided by:

Identifier

Vendor/Product

Product Version Affected

Date Released by Vendor

Vulnerability Info

Vendor
Severity / Our Recommendation

Multiple CVE’s

Adobe Flash Player

32.0.0.238 and earlier

Edge/IE

32.0.0.207 ?and earlier

9/10/2019

Arbitrary Code Execution

Critical Priority 2: Update within 30 days

CVE-2019-8076

Adobe Application Manager

10.0

9/10/2019

Arbitrary Code Execution

Important Priority 3: Update at admin’s discretion

Multiple CVE’s

Google Chrome

Before 77.0.3865.90

9/18/2019

Spoofing, Use-after-free, Information Disclosure, Security Bypass, Denial of Service

Update after testing

Multiple CVE’s

Mozilla Firefox

Before 69.0.1/ESR 68.1

9/18/2019

Denial of Service, XSS, Security Bypass, Privilege Escalation, Information Disclosure, Arbitrary Code Execution

Update after testing

Multiple CVE’s

Mozilla Thunderbird

Before 68.1

9/11/2019

Information Disclosure, Denial of Service, XSS, Security Bypass

Update after testing


Send me this chart next Patch Tuesday.
Email:

We will not share your address. Unsubscribe anytime. By clicking "Submit",
you're agreeing to our Privacy Policy and consenting to be contacted by us.