May, 2018: Patch Monday: Two Acrobat Zero Days

Welcome to this May Patch Monday bulletin. This month we have patches from Adobe, Google and Mozilla with exploits against Adobe Acrobat. Start this month by patching Adobe Acrobat since there are reports that exploits exist for CVE-2018-4990 and CVE-2018-4993. Proof of concept code exists for CVE-2018-4993 and there are reports of attacks against CVE-2018-4990 in the wild. Educate users to spot suspicious emails and safe practices opening documents and evaluate mitigations that are available. Following mitigation recommendations can help stop attacks against CVE-2018-4993 by blocking users from following links in PDF’s. Follow up with Adobe Flash and Chrome or Firefox if they exist in your environment. Review the environment and update Thunderbird and the remaining Adobe products that have patches.

Over the years we've had millions of visitors to UltimateWindowsSecurity.com. Every month we have thousands and thousands of visitors to our Security Log Encyclopedia which documents all of the Security Log event ID’s for Windows Server OS’s. Back in 2007 when SharePoint added auditing capability, I realized that my audience not only needed the event information from SharePoint but I also found a similar need in SQL Server and Exchange. So not only did I document the data but I also started to develop the means to extract that event data from these applications so that it’s accessible and useable to the end user. Some 8 years later and LOGbinder is continuing to grow as companies realize LOGbinder bridges the gap between these applications and their infosec team. Visit LOGbinder.com to download a free 30-day fully functional trial and see the security event data that you have literally been missing.

So, without further ado, here’s the chart of MS patches this month.

Patch data provided by:

Identifier

Vendor/Product

Product Version Affected

Date Released by Vendor

Vulnerability Info

Vendor
Severity / Our Recommendation

Multiple CVE’s

Adobe Creative Cloud

4.4.1.298 and earlier versions

5/8/2018

Privilege Escalation, Security Bypass

Critical Priority 2: Update within 30 days

CVE-2018-4944

Adobe Flash Player

29.0.0.140 and earlier

5/8/2018

Arbitrary Code Execution

Critical Priority 2: Update within 30 days

CVE-2018-4994

Adobe Connect

9.7.5 and earlier

5/8/2018

Information disclosure

Important Priority 2: Update within 30 days

Multiple CVE’s

Adobe Acrobat

Continuous 2018.011.20038 and earlier versions

Classic 2017 2017.011.30079 and earlier versions

Classic 2015

2015.006.30417 and earlier versions

5/14/2018

Arbitrary Code Execution, Information Disclosure, Security Bypass

Critical Priority 1: Update within 72 hours

CVE-2018-4946

Adobe Photoshop

CC 2018 19.1.3 and earlier

MacOS CC 2017 18.1.3 and earlier

Win CC 2017 18.1.2 and earlier

5/14/2018

Remote Code Execution

Critical Priority 3: Update at admin’s discretion

Multiple CVE’s

Google Chrome

Before 66.0.3359.181

5/15/2018

Privilege Escalation, Denial of Service

Update after testing

Multiple CVE’s

Mozilla Firefox

Before 60/ESR 52.8

5/18/2018

Denial of Service, Security Bypass, Arbitrary Code Execution, Information Disclosure, Spoofing

Update after testing

Multiple CVE’s

Mozilla Thunderbird

Before 52.8

5/18/2018

Information Disclosure, Denial of Service, Spoofing, Security Bypass

Update after testing


Send me this chart next Patch Tuesday.
Email:

We will not share your address. Unsubscribe anytime. By clicking "Submit",
you're agreeing to our Privacy Policy and consenting to be contacted by us.