March, 2015: Patch Monday: Browsers, browsers and more browsers

Welcome to the March Patch Monday bulletin. Let’s start this month off with the patch for Adobe Flash since it is a critical: Priority 1 patch for a very popular target. Adobe did not mention active attacks against their platform but a potential arbitrary code execution vulnerability is remediated with this patch. The remaining 4 patches are for popular browsers including Chrome, Firefox/SeaMonkey, and Safari. Each browser has multiple vulnerabilities that are fixed, and all but Chrome fix arbitrary code execution. The annual Pwn2Own competition was this last week and every major browser was exploited so prepare for more patches to be released. The Mozilla update already fixes 2 vulnerabilities exploited at Pwn2Own. This month may be a good time to examine what type of software is in your environment. A software inventory is critical to a patch management program especially when there are 3 popular browsers with patches available and potentially more to come. Knowing what is installed and where it is installed can help prioritize your efforts.

One of the most frequent complaints I hear from you folks is “We need a SIEM but can't afford the big enterprise solutions.” And as a tech-heavy small business owner I truly understand the need for software that installs in minutes and doesn't require a ton of planning, learning, design and professional services before you start getting results. So I recently reviewed a fast, easy and affordable SIEM and Log Management solution that I think deserves your attention. Read the blog about it here.

Easily patch the servers, desktops, and laptops in your Windows environment with SolarWinds Patch Manager. Download a free fully functional 30 day trial of SolarWinds Patch Manager.

  • Centrally deploy patches to physical & virtual Windows® desktops & servers with pre-built, tested patches from vendors such as Adobe®, Apple®, Google®, Mozilla®, Oracle® & others
  • Decrease security risks & service performance degradation by controlling when & where patches are applied
  • View the patch status of mission-critical servers with an intuitive patch status dashboard
  • Pass audits and demonstrate compliance with out-of-the-box reports and dashboard views
  • Extend your WSUS or SCCM patch management environment to apply common 3rd-party patches for Adobe®, Apple®, Google®, Mozilla®, and Oracle® Java™ management solution

Click here to find out more about SolarWinds Patch Manger.

So, without further ado, here’s the chart of non-MS patches that affect Windows platforms in the past month. 

Patch data provided by:

Identifier

Vendor/Product

Product Version Affected

Date Released by Vendor

Vulnerability Info

Vendor
Severity / Our Recommendation

APSB15-05

Adobe Flash

Win/MAC before 16.0.0.305

and earlier

Linux

11.2.202.442

and earlier

3/12/2015

Arbitrary Code Execution

Critical: Priority 1/ Upgrade within 72 hours

41.0.2272.101

Google Chrome

Win/Mac/Linux before

41.0.2272.101

3/19/2015

Denial of Service, Security Bypass, Information Disclosure

Update at admin's discretion

36.0.4/ESR 31.5.3

Mozilla Firefox

Before

36.0.4/ESR 31.5.3

3/20/2015

Arbitrary Code Execution, Privilege Escalation

Update as soon as possible

2.33.1

Mozilla SeaMonkey Before 2.33.1 3/20/2015 Arbitrary Code Execution, Privilege Escalation Update as soon as possible

8.0.4/7.1.4/

6.2.4
Apple Safari Before 8.0.4/7.1.4/6.2.4 3/17/2015 Arbitrary Code Execution, Denial of Service Update as soon as possible


Send me this chart next Patch Tuesday.
Email:
We will not share your address. Unsubscribe anytime.