February, 2015: Patch Monday: Light Month, High Impact

This February Patch Monday bulletin is light on patches but heavy on impact. Adobe released an initial security advisory on February 2nd stating that there was a critical vulnerability that is actively being attacked. This was followed by the release of an update on February 5th. This vulnerability is leveraged in drive-by-download attacks and should be applied as soon as possible. Google Chrome and Mozilla Firefox can be applied as soon as they have been tested if they are applicable to the environment. This month is a good month to take a look at the patch management strategy. It is important to quickly remediate vulnerabilities that are being actively attacked like Adobe Flash this month. This may be an opportune time to evaluate workstation privileges as well. Removing local admin rights on the workstation is a best practice and will reduce the impact of attacks on client software like Adobe, Chrome, and Firefox.

One of the most frequent complaints I hear from you folks is “We need a SIEM but can't afford the big enterprise solutions.” And as a tech-heavy small business owner I truly understand the need for software that installs in minutes and doesn't require a ton of planning, learning, design and professional services before you start getting results. So I recently reviewed a fast, easy and affordable SIEM and Log Management solution that I think deserves your attention. Read the blog about it here.

Easily patch the servers, desktops, and laptops in your Windows environment with SolarWinds Patch Manager. Download a free fully functional 30 day trial of SolarWinds Patch Manager.

  • Centrally deploy patches to physical & virtual Windows® desktops & servers with pre-built, tested patches from vendors such as Adobe®, Apple®, Google®, Mozilla®, Oracle® & others
  • Decrease security risks & service performance degradation by controlling when & where patches are applied
  • View the patch status of mission-critical servers with an intuitive patch status dashboard
  • Pass audits and demonstrate compliance with out-of-the-box reports and dashboard views
  • Extend your WSUS or SCCM patch management environment to apply common 3rd-party patches for Adobe®, Apple®, Google®, Mozilla®, and Oracle® Java™ management solution

Click here to find out more about SolarWinds Patch Manger.

So, without further ado, here’s the chart of non-MS patches that affect Windows platforms in the past month. 

Patch data provided by:

Identifier

Vendor/Product

Product Version Affected

Date Released by Vendor

Vulnerability Info

Vendor
Severity / Our Recommendation

APSB15-04

Adobe Flash

Win/MAC before 16.0.0.305

Linux before

11.2.202.442

2/19/2015

Arbitrary Code Execution

Critical: Priority 1/ Upgrade within 72 hours

40.0.2214.115

Google Chrome

Win/Mac/Linux before 40.0.2214.115

2/19/2015

Privilege Escalation, Denial of Service, Security Bypass,

Update after testing

35

Mozilla Firefox

Before 34

2/5/2015

Arbitrary Code Execution, Denial of Service

Update after testing


Send me this chart next Patch Tuesday.
Email:
We will not share your address. Unsubscribe anytime.