Webinar Library
Welcome to this November Patch Monday Bulletin. This month we have patches for Photoshop, Acrobat/Reader, iCloud/iTunes, Chrome, Firefox, and Thunderbird. The top priority this month is patching CVE-2018-15979 that affects Adobe Acrobat and Reader. This vulnerability has proof of concept code available and could cause a user to send their NTLM password hash to malicious external resources. An attacker would have to convince a user to open a maliciously crafted PDF to exploit this vulnerability. Follow up with Adobe Flash since it is a Critical Priority 1 update but keep in mind there are no known attacks leveraging any of the remediated vulnerabilities in this product. Next, review and update 3rd party browsers Chrome and Firefox since these browsers are widely deployed and are affected by multiple vulnerabilities. The remaining products may be present but are not widely deployed in the enterprise. Review your environment for the existence of the following products and test updates for iCloud for Windows, iTunes for Windows, Thunderbird, and Photoshop.
Over the years we've had millions of visitors to UltimateWindowsSecurity.com. Every month we have thousands and thousands of visitors to our Security Log Encyclopedia which documents all of the Security Log event ID’s for Windows Server OS’s. Back in 2007 when SharePoint added auditing capability, I realized that my audience not only needed the event information from SharePoint but I also found a similar need in SQL Server and Exchange. So not only did I document the data but I also started to develop the means to extract that event data from these applications so that it’s accessible and useable to the end user. Some 8 years later and LOGbinder is continuing to grow as companies realize LOGbinder bridges the gap between these applications and their infosec team. Visit LOGbinder.com to download a free 30-day fully functional trial and see the security event data that you have literally been missing.
So, without further ado, here’s the chart of non-MS patches that affect Windows platforms in the past month.
Patch data provided by:
Identifier
Vendor/Product
Product Version Affected
Date Released by Vendor
Vulnerability Info
Vendor Severity / Our Recommendation
CVE-2018-15981
Adobe Flash
31.0.0.148 and earlier
11/20/2018
Arbitrary Code Execution, Information Disclosure
Critical Priority 1: Update within 72 hours
CVE-2018-15980
Adobe Photoshop CC
19.1.6 and earlier
11/13/2018
Information Disclosure
Important Priority 3: Update at admin’s discretion
CVE-2018-15979
Adobe Acrobat and Reader
Continuous 2019.008.20080 and earlier
Classic 2017 2017.011.30105 and earlier
Classic 2015 2015.006.30456 and earlier
Important Priority 1: Update within 72 hours
Multiple CVE’s
iCloud for Windows
Before 7.8
10/30/2018
Arbitrary Code Execution, Denial of Service, Cross Site Scripting
Update after testing
iTunes for Windows
Before 12.9.1
Google Chrome
Before 70.0.3538.110
11/19/2018
Denial of Service, Information Disclosure
Mozilla Firefox
Before 63/ESR 60.3
10/23/2018
Denial of Service, Privilege Escalation, Security Bypass, Information Disclosure
Mozilla Thunderbird
Before ESR 60.3
10/31/2018
Security Bypass, Denial of Service
We will not share your address. Unsubscribe anytime. By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us.