December, 2018: Patch Monday: Adobe Flash Exploited in the Wild

Welcome to this December Patch Monday Bulletin. This month brings updates to Acrobat/Reader, Flash, iCloud/iTunes for Windows, Chrome, and Firefox. The most important vulnerability this month is CVE-2018-15982, which affects Adobe Flash Player. There are reports that this vulnerability is being exploited in the wild, and it could result in arbitrary code execution. This may be a good time to sit down and figure out whether Flash is necessary in your environment and to review Flash configuration settings. Follow up with Adobe Acrobat/Reader, because this update remediates a very large number of vulnerabilities. Review the environment for the presence of Chrome or Firefox and update accordingly. Finally, apply the updates to iTunes and iCloud if they are used in the environment.

Over the years we've had millions of visitors to UltimateWindowsSecurity.com. Every month we have thousands and thousands of visitors to our Security Log Encyclopedia, which documents all of the Security Log event IDs for Windows Server OSes. Back in 2007, when SharePoint added auditing capability, I realized that my audience not only needed the event information from SharePoint, but I also found a similar need in SQL Server and Exchange. So not only did I document the data, but I also started to develop the means to extract that event data from these applications so that it's accessible and usable to the end user. Some 8 years later, LOGbinder is continuing to grow as companies realize LOGbinder bridges the gap between these applications and their infosec team. Visit LOGbinder.com to download a free 30-day fully functional trial and see the security event data that you have literally been missing.

So, without further ado, here’s the chart of non-MS patches that affect Windows platforms in the past month.

| Identifier | Vendor/Product | Product Version Affected | Date Released by Vendor | Vulnerability Info | Vendor Severity / Our Recommendation |
|---|---|---|---|---|---|
| Multiple CVEs | Adobe Acrobat and Reader | Windows Continuous 2019.008.20081 and earlier; macOS Continuous 2019.008.20080 and earlier; Windows Classic 2017 2017.011.30106 and earlier; macOS Classic 2017 2017.011.30105 and earlier; Windows Classic 2015 2015.006.30457 and earlier; macOS Classic 2015 2015.006.30456 and earlier | 12/11/2018 | Arbitrary Code Execution, Privilege Escalation, Information Disclosure | Critical Priority 2: Update within 30 days |
| Multiple CVEs | Adobe Flash | Player 31.0.0.153 and earlier; Installer 31.0.0.108 and earlier | 12/5/2018 | Arbitrary Code Execution, Privilege Escalation | Critical Priority 1: Update within 72 hours |
| Multiple CVEs | Apple iCloud for Windows | Before 7.9 | 12/5/2018 | Arbitrary Code Execution, Spoofing | Update after testing |
| Multiple CVEs | Apple iTunes for Windows | Before 12.9.2 | 12/5/2018 | Arbitrary Code Execution, Spoofing | Update after testing |
| Multiple CVEs | Google Chrome | Before 71.0.3578.98 | 12/12/2018 | Information Disclosure, Spoofing, Denial of Service, Security Bypass, Arbitrary Code Execution | Update after testing |
| Multiple CVEs | Mozilla Firefox | Before 64/ESR 60.4 | 12/11/2018 | Denial of Service, Security Bypass | Update after testing |
