Webinar Library
Welcome to this April Patch Monday bulletin. This month we present updates for Adobe, Apple, Mozilla, and Oracle. There are no security related updates to popular 3rd party browsers, no priority 1 Adobe patches, and no identified attacks on popular 3rd party applications. Start this month by testing and applying patches to Adobe Flash, Shockwave, and Acrobat/Reader. These are all popular targets with priority 2 patches available. April is an Oracle critical patch update month so there was a Java release that can be applied. Oracle states in their April Update Advisory, “Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay”. Review your environment for the remaining Adobe, Apple, and Mozilla products. These applications may be commonly found in environments where users are able to install their own applications. Use this month to review your patch strategy and assess your visibility of installed applications.
Hey folks, if you’ve been enjoying my Active Directory security trainings, I’d love to meet you in-person at The Experts Conference, August 27-28 in Charleston, SC, where I'll be delivering a keynote session and a hybrid AD breakout session as well as taking your questions 1:1 in the Experts Bar. Here's a link to the whole conference to see all the sessions from me and other AD and Office 365 security experts. NOTE: they have a $300 early-early bird savings if you register by April 30, 2019.
So, without further ado, here’s the chart of non-MS patches that affect Windows platforms in the past month.
Patch data provided by:
Identifier
Vendor/Product
Product Version Affected
Date Released by Vendor
Vulnerability Info
Vendor Severity / Our Recommendation
Multiple CVE’s
Adobe Flash Player
32.0.0.156?and earlier
4/9/2019
Arbitrary Code Execution, Information Disclosure
Critical Priority 2: Update within 30 days
Adobe Acrobat Reader
Continuous 2019.010.20098 and earlier
Classic 2017 2017.011.30127 and earlier
Classic 2015 2015.006.30482
Adobe Bridge CC
9.0.2
Remote Code Execution, Information Disclosure
CVE-2019-7129
Adobe Experience Manager
6.4, 6.3, 6.2
Information Disclosure
Important Priority 2: Update within 30 days
CVE-2019-7107
Adobe InDesign
14.0.1 and below
Arbitrary Code Execution
Critical Priority 3: Update at admin’s discretion
Adobe XD
16.0 and earlier versions
CVE-2019-7097
Adobe Dreamweaver
19.0 and earlier versions
Moderate Priority 3: Update at admin’s discretion
Adobe Shockwave Player
12.3.4.204 and earlier
iCloud for Windows
Before 7.11
3/25/2019
Arbitrary Code Execution, Elevation of Privileges, Information Disclosure, Cross Site Scripting
Update after testing
iTunes for Windows
Before 12.9.4
Arbitrary Code Execution, Elevation of Privileges, Information Disclosure, Cross Site Scripting, Security Bypass
Mozilla Thunderbird
Before 60.6.1
Denial of Service, Information Disclosure
Oracle Java
7u211, 8u202, 11.0.2, 12
4/16/2019
Remote Exploit Without Authentication
We will not share your address. Unsubscribe anytime. By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us.