January, 2016: Patch Monday: Light Month, No Active Attacks

Welcome to this January Patch Monday Bulletin. This month delivers patches from Adobe, Apple, Google, and Oracle. This month provides less critical patches than previous months but that does not mean we can take it easy, vulnerability details have yet to be released for Java and Chrome. Adobe and Java are the two most widely used pieces of software and should be applied first. Evaluate the environment to determine whether Safari are Chrome are used and apply updates as appropriate. Following this month it may be a good opportunity to start planning for the next Java patch in April. Take the next 3 months to identify how Java is used, what versions are installed in the environment, identify old java dependencies, and create a plan to quickly test and deploy the Java patch when it comes out. A little planning can go a long way to reduce the time to patch.

Correlate application security events with all the other enterprise events

If your SIEM isn't getting the security events from Microsoft's enterprise applications, it is missing an important part of the story. SQL Server, Exchange and SharePoint audit logs are too important to be missing from your SIEM or log management solution. Find out more about how to audit these applications, and learn how to get their security audit event data into your SIEM.

Browse to www.logbinder.com/Solutions

Patch data provided by:

Identifier

Vendor/Product

Product Version Affected

Date Released by Vendor

Vulnerability Info

Vendor
Severity / Our Recommendation

APSB16-02

Adobe Acrobat/Reader

Win/Mac

DC Continuous 15.009.20077 and earlier

Win/Mac

DC Classic 15.006.30097 and earlier

Win/Mac

XI 11.0.13 and earlier

1/7/2016

Arbitrary Code Execution

Critical: Priority 2/ Upgrade within 30 days

9.0.3

Apple Safari

Before 9.0.3

1/19/2016

Arbitrary Code Execution, Information Disclosure

Update after testing

48.0.2564.82

Google Chrome

Before 48.0.2564.82

1/20/2016

Spoofing, Information Disclosure

Update after testing

CPUJan2016

Oracle Java

6u105, 7u91, 8u66

1/19/2016

Potentially Exploitable Vulnerabilities

Update after testing


Send me this chart next Patch Tuesday.
Email:
We will not share your address. Unsubscribe anytime.