July, 2015: Patch Monday: Active Attacks and Zero Day Vulnerabilities

Welcome to this July Patch Monday bulletin. It is time to get your patch management software ready, because there was quite a bit of activity this month. Several zero-day vulnerabilities were announced and subsequently patched by Oracle and Adobe. Make the Adobe and Oracle patches your top priority this month. The patch experts at Lumension suggest that once you've worked through the Adobe updates, you should also take a look at Java. They are also dealing with a new 0-day thanks to the Hacking Team, their first since 2013. It involves a separate Windows vulnerability, CVE-2012-015, which Microsoft addressed in 2012 in bulletin MS12-027. Oracle released updates…to Java JRE to address 25 total security vulnerabilities, 23 of which can be remotely exploitable. We would also like to mention that potential arbitrary code execution vulnerabilities were identified in all of the remaining platforms, including QuickTime, iTunes, Safari, Chrome, Firefox, and Thunderbird. Review what is being run in your environment to determine the priority of these remaining patches.

When it comes to endpoint security, the best first line of defense is patch management. Take the first step to quantifying your IT risk and enhancing your endpoint security posture. With the Lumension® Patch Scanner you can:

  • Scan for OS and 3rd party application patches
  • Prioritize remediation to improve security stance
  • Gain visibility into apps being used in your environment
  • Generate web-based reports

So, without further ado, here’s the chart of non-MS patches that affect Windows platforms in the past month.

Patch data provided by: Lumension

| Identifier | Vendor/Product | Product Version Affected | Date Released by Vendor | Vulnerability Info | Vendor Severity / Our Recommendation |
|---|---|---|---|---|---|
| APSB15-18 | Adobe Flash | Win/Mac 18.0.0.203 and earlier; Win/Mac ESR 13.0.0.302 and earlier; Linux 18.0.0.204 and earlier | 7/14/2015 | Arbitrary Code Execution | Critical: Priority 1 / Upgrade within 72 hours |
| APSB15-17 | Adobe Shockwave | Win/Mac 12.1.8.158 and earlier | 7/14/2015 | Arbitrary Code Execution | Critical: Priority 1 / Upgrade within 72 hours |
| APSB15-15 | Adobe Acrobat/Reader | Win/Mac 11.0.11 and earlier; 10.1.14 and earlier | 7/8/2015 | Arbitrary Code Execution | Critical: Priority 1 / Upgrade within 72 hours |
| APSB15-15 | Adobe Acrobat/Reader DC | Win/Mac Continuous 2015.007.20033; Classic 2015.006.30033 | 7/8/2015 | Arbitrary Code Execution | Critical: Priority 1 / Upgrade within 72 hours |
| 7.7.7 | Apple Quicktime | Before 7.7.7 | 6/30/2015 | Arbitrary Code Execution, Denial of Service | Update as soon as possible |
| 12.2 | iTunes | Before 12.2 | 6/30/2015 | Arbitrary Code Execution, Denial of Service | Update as soon as possible |
| 8.0.7/7.1.7/6.2.7 | Safari | Before 8.0.7/7.1.7/6.2.7 | 6/30/2015 | Arbitrary Code Execution, Denial of Service, Cross Site Scripting, Security Bypass | Update as soon as possible |
| 44.0.2403.107 | Google Chrome | Before 44.0.2403.89 | 7/24/2015 | Arbitrary Code Execution, Cross Site Scripting, Denial of Service, Security Bypass, Spoofing | Update as soon as possible |
| 39/ESR 38.1 | Mozilla Firefox | Before 39/ESR 38.1 | 7/2/2015 | Arbitrary Code Execution, Denial of Service, Information Disclosure, Security Bypass, Spoofing | Update as soon as possible |
| 38.1 | Mozilla Thunderbird | Before 38.1 | 7/2/2015 | Arbitrary Code Execution, Denial of Service, Security Bypass | Update as soon as possible |
| July CPU | Java | Before 6u95, 7u80, 8u45 | 7/17/2015 | Arbitrary Code Execution | Update as soon as possible |

