Webinar Library
Welcome to my November Patch Monday newsletter. It has been a really lite month with patching. The biggest issue for us to look at are browsers. Since many browsers are Chromium based you'll want to pay attention to the update released by Google this past month. Google released updates to Chrome for two zero-days in the past month. On October 27th they released an update addressing CVE-2022-3723. Also on November 24th they released another updated addressing CVE-2022-4135. Both of these updates are rated "High" by Google and they have reported that exploits for both of these CVE's exists in the wild. You'll want to make sure that Chrome gets updated and restarted to remediate any possibility of these flaws being explioted. Besides that we have the standard updates to Mozilla and a few Apple products. The details for these are in the chart below.
So, without further ado, here’s the chart of non-Microsoft 3rd party patches that affect Windows platforms in the past month.
Patch data provided by:
Identifier
Vender/Product
Product Version Affected
Date Released by Vender
Vulnerability Info
Vender Severity / Our Recommedation
Multiple CVE's
Apple Xcode
Before 14.1
11/1/2022
Information Disclosure, Arbitrary Code Execution, Privilege Escalation
Update after testing
Apple iOS and iPadOS
Before 16.1.1 iOS Before 16.1.1 iPadOS
11/9/2022
Arbitrary Code Execution
Apple macOS
Ventura before 13.0.1
Google Chrome
Before 107.0.5304.121
11/24/2022
Use After Free, Heap Buffer Overflow, Type Confusion
Update as soon as possible
Mozilla Thunderbird
Before 102.5
11/15/2022
Use After Free, Spoofing, Cross-Site Tracing, Keystroke Logging
Mozilla Firefox
Before 107 ESR before 102.5