Welcome to this May Patch Monday bulletin. This month delivers patches from Adobe, Apple, Google and Mozilla. The good news this month is that there are no reports of the listed vulnerabilities being attacked in the wild. Take a look at Adobe Flash and your prevalent browsers like Chrome or Firefox. These will be the most impactful targets In the event an exploit is developed for one of the patched vulnerabilities. Follow up with iCloud/iTunes for Windows and Adobe Experience if those are used in the environment. A good question to ask yourself is whether you can accurately determine what is being used in the environment. This can be a difficult but critical question when trying to reduce exposure from unpatched software especially when users can install software themselves.
LOGbinder:Feed your SIEM a High Nutrition Diet
To achieve compliance and to stop APTs, your security analysts need to see what's happening in your applications and on your endpoints Unleash the power of native Windows Event Collection with Supercharger and track every endpoint with no agents, no polling and no noise. Put application audit logs where they belong – in your SIEM. Then correlate application security intelligence with the rest of your security activity. But getting application audit logs into your SIEM is surprisingly difficult. LOGbinder bridges the gap for a growing number of applications.
So, without further ado, here's the chart of non-MS patches that affect Windows platforms in the past month.
Patch data provided by:
Product Version Affected
Date Released by Vendor
Severity / Our Recommendation
Win/Linux 22.214.171.124 and earlier
126.96.36.199 and earlier
Arbitrary Code Execution
Critical Priority 1: Update within 72 hours
Adobe Experience Manager Forms
6.0, 6.1, 6.2
Important Priority 2: Update within 30 days
iCloud for Windows
Update after testing
iTunes for Windows
Before 53.0.2/ESR 52.1.1
Denial of Service