April, 2019: Patch Monday: Oracle April CPU

Welcome to this April Patch Monday bulletin. This month we present updates for Adobe, Apple, Mozilla, and Oracle. There are no security-related updates to popular third-party browsers, no priority 1 Adobe patches, and no identified attacks on popular third-party applications. Start this month by testing and applying patches to Adobe Flash, Shockwave, and Acrobat/Reader. These are all popular targets with priority 2 patches available.

April is an Oracle Critical Patch Update month, so there is a Java release that can be applied. Oracle states in their April Update Advisory, “Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay”. Review your environment for the remaining Adobe, Apple, and Mozilla products. These applications may be commonly found in environments where users are able to install their own applications. Use this month to review your patch strategy and assess your visibility of installed applications.

So, without further ado, here’s the chart of non-MS patches that affect Windows platforms in the past month.

| Identifier | Vendor/Product | Product Version Affected | Date Released by Vendor | Vulnerability Info | Vendor Severity / Our Recommendation |
|---|---|---|---|---|---|
| Multiple CVEs | Adobe Flash Player | 32.0.0.156 and earlier | 4/9/2019 | Arbitrary Code Execution, Information Disclosure | Critical Priority 2: Update within 30 days |
| Multiple CVEs | Adobe Acrobat Reader | Continuous 2019.010.20098 and earlier; Classic 2017 2017.011.30127 and earlier; Classic 2015 2015.006.30482 | 4/9/2019 | Arbitrary Code Execution, Information Disclosure | Critical Priority 2: Update within 30 days |
| Multiple CVEs | Adobe Bridge CC | 9.0.2 | 4/9/2019 | Remote Code Execution, Information Disclosure | Critical Priority 2: Update within 30 days |
| CVE-2019-7129 | Adobe Experience Manager | 6.4, 6.3, 6.2 | 4/9/2019 | Information Disclosure | Important Priority 2: Update within 30 days |
| CVE-2019-7107 | Adobe InDesign | 14.0.1 and below | 4/9/2019 | Arbitrary Code Execution | Critical Priority 3: Update at admin’s discretion |
| Multiple CVEs | Adobe XD | 16.0 and earlier versions | 4/9/2019 | Arbitrary Code Execution | Critical Priority 3: Update at admin’s discretion |
| CVE-2019-7097 | Adobe Dreamweaver | 19.0 and earlier versions | 4/9/2019 | Information Disclosure | Moderate Priority 3: Update at admin’s discretion |
| Multiple CVEs | Adobe Shockwave Player | 12.3.4.204 and earlier | 4/9/2019 | Arbitrary Code Execution | Critical Priority 2: Update within 30 days |
| Multiple CVEs | iCloud for Windows | Before 7.11 | 3/25/2019 | Arbitrary Code Execution, Elevation of Privileges, Information Disclosure, Cross Site Scripting | Update after testing |
| Multiple CVEs | iTunes for Windows | Before 12.9.4 | 3/25/2019 | Arbitrary Code Execution, Elevation of Privileges, Information Disclosure, Cross Site Scripting, Security Bypass | Update after testing |
| Multiple CVEs | Mozilla Thunderbird | Before 60.6.1 | 3/25/2019 | Denial of Service, Information Disclosure | Update after testing |
| Multiple CVEs | Oracle Java | 7u211, 8u202, 11.0.2, 12 | 4/16/2019 | Remote Exploit Without Authentication | Update after testing |

