July, 2017: Patch Monday: July Oracle Critical Patch UPdate

Welcome to this July Patch Monday bulletin. This month is the second quarterly Oracle critical patch update (CPU) and there are patches available from Adobe and Apple. The good news is there are no reported attacks on any of vulnerabilities patched this month and overall there are fewer platforms to patch than we have seen in recent months. Start the month off by taking a look at Flash since that is one of the most popular targets on this list. There were 32 vulnerabilities fixed in this Java CPU so that should be next up in your patch plan. iTunes/iCloud are typically not installed in the enterprise but Apple software is surprisingly found in many organizations. Take a look to see if these applications are present and apply patches if necessary. Finally, review your Adobe applications to see if Adobe Connect is present and in need of patching.

With this month’s Patch Monday, I have a few big announcements:

  1. My book, the only book on the security log, “The Windows Server Security Log Revealed” is available online…
  2. My 12 CPE course, the same courses taught in-person, Security Log Secrets, is also now available online…

And… both the course and the book are completely free.

Now you can unravel the cryptic Windows Security Log for free. This book and course dive deep in to the nine audit policy categories and the 50 audit policy subcategories in available in Windows and helps you understand what the events mean and how they relate to the real world of Windows and security threats. The course is full video and features an exam. You can access the book here and the course here.

So, without further ado, here’s the chart of non-MS patches that affect Windows platforms in the past month.

Patch data provided by:

Identifier

Vendor/Product

Product Version Affected

Date Released by Vendor

Vulnerability Info

Vendor
Severity / Our Recommendation

Multiple CVE’s

Adobe Flash

Win/Mac/Linux 26.0.0.131 and earlier

7/11/2017

Remote Code Execution, Information Disclosure

Critical Priority 1: Update within 72 hours

Multiple CVE’s

Adobe Connect

9.6.1 and earlier

7/11/2017

Cross Site Scripting, Clickjacking

Important Priority 3: Update at admin’s discretion

Multiple CVE’s

iTunes for Windows

Before 12.6.2

7/19/2017

Arbitrary Code Execution, Information Disclosure

Update after testing

Multiple CVE’s

iCloud for Windows

Before 6.2.2

7/19/2017

Arbitrary Code Execution, Information Disclosure

Update after testing

Multiple CVE’s

Java

6u151, 7u141, 8u131

7/18/2017

Arbitrary Code Execution

Update after testing


Send me this chart next Patch Tuesday.
Email:
We will not share your address. Unsubscribe anytime.