September, 2016: Patch Monday: Back to Business as Usual

Welcome to this September Patch Monday Bulletin. September delivers the typical amount of bulletins after last month’s extremely light load. Patches have been released by Adobe, Apple, Google and Mozilla. Start the month with a patch for Flash. There were no reported attacks in the wild for this bulletin but it is a highly targeted component of the browser and should be the top priority this month. Follow up with browser patches in your environment that may include Chrome, Firefox, or Safari. Apple released patches for iTunes and iCloud for Windows in addition to Safari. End users may have installed these applications to work with common Apple products so it is important to have visibility into all applications that are installed on the endpoint not just deployed or monitored applications. Finish the month with patches for Adobe Air and Adobe Digital Editions.

Correlate application security events with all the other enterprise events

If your SIEM isn't getting the security events from Microsoft's enterprise applications, it is missing an important part of the story. SQL Server, Exchange and SharePoint audit logs are too important to be missing from your SIEM or log management solution. Find out more about how to audit these applications, and learn how to get their security audit event data into your SIEM.

Browse to www.logbinder.com/Solutions

Patch data provided by:


https://www.ultimatewindowssecurity.com/images/LOGbinderCH.png

Identifier

Vendor/Product

Product Version Affected

Date Released by Vendor

Vulnerability Info

Vendor
Severity / Our Recommendation

CVE-2016-6936

Adobe Air

22.0.0.153 and earlier

9/13/2016

New Support for Data Transmission

Priority 3: Update at admin’s discretion

Multiple CVE’s

Adobe Flash Player

Win/Mac

22.0.0.211 and earlier

Win/Mac ESR

18.0.0.366 and earlier

Linux

11.2.202.632 and earlier

9/13/2016

Arbitrary Code Execution

Priority 1: Update in 72 hours

Multiple CVE’s

Adobe Digital Editions

4.5.1 and earlier versions

9/13/2016

Arbitrary Code Execution

Priority 3: Update at admin’s discretion

Multiple CVE’s

Apple iTunes

Win

Before 12.5.1

9/13/2016

Arbitrary Code Execution, non-HTTP access to services, Data Altering

Update after testing

Multiple CVE’s

Apple Safari

Before Safari 10

9/20/2016

Arbitrary Code Execution, Cross Site Scripting, Spoofing, Information Disclosure, non-HTTP Access to Services, Data Altering

Update as soon as possible

CVE-2016-4762

Apple iCloud for Windows

Before iCloud for Windows 6.0

9/20/2016

Arbitrary Code Execution

Update as soon as possible

Multiple CVE’s

Google Chrome

Before 54.0.2840.27

9/14/2016

Arbitrary Code Execution, Denial of Service, Security Bypass, Information Disclosure, Cross Site Scripting, Spoofing

Update as soon as possible

49/ESR 45.4

Mozilla Firefox

Before 49/ESR 45.4

9/20/2016

Denial of Service, Security Bypass, Information Disclosure

Update after testing


Send me this chart next Patch Tuesday.
Email:
We will not share your address. Unsubscribe anytime.