November, 2016: Patch Monday: No Active Attacks for Adobe, Google, Mozilla, and Apple

Welcome to this November Patch Monday Bulletin. This is a fairly uneventful month with typical updates from Adobe, Google, Mozilla and Apple. At the time of this writing there were no known actively attacked vulnerabilities. Adobe released Priority 1 patches for Flash Player on Windows, Mac and Linux that resolves 9 vulnerabilities that include potential arbitrary code execution vulnerabilities. Follow up with patches for Firefox and Chrome. Both browser resolve numerous high and critical vulnerabilities that are potentially exploitable. iTunes released an update for Windows that remediates potential arbitrary code execution and information disclosure vulnerabilities. Finish the month up with a patch for Adobe Connect if it is used within the organization.

Over the years we've had millions of visitors to UltimateWindowsSecurity.com. Every month we have thousands and thousands of visitors to our Security Log Encyclopedia which documents all of the Security Log event ID’s for Windows Server OS’s. Back in 2007 when SharePoint added auditing capability, I realized that my audience not only needed the event information from SharePoint but I also found a similar need in SQL Server and Exchange. So not only did I document the data but I also started to develop the means to extract that event data from these applications so that it’s accessible and useable to the end user. Some 8 years later and LOGbinder is continuing to grow as companies realize LOGbinder bridges the gap between these applications and their infosecteam. Visit LOGbinder.com to download a free 30-day fully functional trial and see the security event data that you have literally been missing.

So, without further ado, here's the chart of non-MS patches that affect Windows platforms in the past month.

Patch data provided by:

LOGbinder.com

Identifier

Vendor/Product

Product Version Affected

Date Released by Vendor

Vulnerability Info

Vendor
Severity / Our Recommendation

Multiple CVE’s

Adobe Flash Player

Win/Mac 23.0.0.205 and earlier

Linux 11.2.202.643 and earlier

11/8/2016

Arbitrary Code Execution

Priority 1: Update in 72 hours

CVE-2016-7851

Adobe Connect

9.5.6 and earlier versions

11/8/2016

Cross Site Scripting

Priority 3: Update at admin’s discretion

Multiple CVE’s

Apple iTunes

Windows before 12.5.2

10/27/2016

Arbitrary Code Execution, Information Disclosure

Update as soon as possible

Multiple CVE’s

Google Chrome

Win 54.0.2840.99

Mac 54.0.2840.98

Linux 54.0.2840.100

11/9/2016

Information Disclosure, Denial of Service

Update after testing

Multiple CVE’s

Mozilla Firefox

Before 50/ESR 45.5

11/15/2016

Denial of Service, Security Bypass, Spoofing, Privilege Escalation

Update as soon as possible


Send me this chart next Patch Tuesday.
Email:
We will not share your address. Unsubscribe anytime.