January, 2016: Patch Monday: Light Month, No Active Attacks

Welcome to this January Patch Monday Bulletin. This month delivers patches from Adobe, Apple, Google, and Oracle. This month provides less critical patches than previous months but that does not mean we can take it easy, vulnerability details have yet to be released for Java and Chrome. Adobe and Java are the two most widely used pieces of software and should be applied first. Evaluate the environment to determine whether Safari are Chrome are used and apply updates as appropriate. Following this month it may be a good opportunity to start planning for the next Java patch in April. Take the next 3 months to identify how Java is used, what versions are installed in the environment, identify old java dependencies, and create a plan to quickly test and deploy the Java patch when it comes out. A little planning can go a long way to reduce the time to patch.

Correlate application security events with all the other enterprise events

If your SIEM isn't getting the security events from Microsoft's enterprise applications, it is missing an important part of the story. SQL Server, Exchange and SharePoint audit logs are too important to be missing from your SIEM or log management solution. Find out more about how to audit these applications, and learn how to get their security audit event data into your SIEM.

Browse to www.logbinder.com/Solutions

Patch data provided by:



Product Version Affected

Date Released by Vendor

Vulnerability Info

Severity / Our Recommendation


Adobe Acrobat/Reader


DC Continuous 15.009.20077 and earlier


DC Classic 15.006.30097 and earlier


XI 11.0.13 and earlier


Arbitrary Code Execution

Critical: Priority 2/ Upgrade within 30 days


Apple Safari

Before 9.0.3


Arbitrary Code Execution, Information Disclosure

Update after testing


Google Chrome

Before 48.0.2564.82


Spoofing, Information Disclosure

Update after testing


Oracle Java

6u105, 7u91, 8u66


Potentially Exploitable Vulnerabilities

Update after testing

Send me this chart next Patch Tuesday.
We will not share your address. Unsubscribe anytime.