Welcome to this May Patch Monday Bulletin. This month, patches are available for Adobe Flash, Adobe AIR, Adobe ColdFusion, Adobe Acrobat/Reader, Apple Safari, Apple iTunes, Google Chrome, Mozilla Firefox and Mozilla Thunderbird. The top priority this month is Adobe Flash, due to a report of an exploit for CVE-2016-4117. The Microsoft Patch Tuesday bulletin addresses this particular CVE, but this Flash patch remediates several additional vulnerabilities that Microsoft did not originally address. Chrome, Mozilla or Safari should be next, prioritized based on their prevalence within the environment. Follow up with the remaining Adobe products: ColdFusion, AIR and Acrobat/Reader. Finally, apply Thunderbird and iTunes updates as necessary.
It just came to me that many of you, like me, probably have tens or hundreds of online website logins. Many years back I ran into the problem of having to remember so many unique logins. It wasn't secure to use one password for every login and it was unthinkable to keep a notepad (physical or virtual) with all my logins recorded. Visit my latest blog article, “Secure, Fast and Efficient Password Management”, to see how we've successfully handled this at my company.
I was talking to a fellow InfoSec guru last week and we got on the subject of patching workstations and the headaches that come along with it. He mentioned that at one of the largest financial institutions he previously worked at, the in-house developers spent years on an internal software solution dedicated to patching the tens of thousands of workstations on their network. Shortly after it was deployed there was a merger and the entire project was left by the wayside. I thought to myself, “If only they had SolarWinds Patch Manager,” they could have been installing patches across their domain in hours. Whether it's Microsoft patches or 3rd party patches like the chart below, SolarWinds Patch Manager provides inventory (using WMI) and 3rd party patching (using WSUS) without requiring you to deploy an agent to every machine on the network. By utilizing WMI and WSUS, it allows you to take advantage of technologies that are already baked into the OS of your existing machines. If you want to try it out, you can download SolarWinds Patch Manager for free and test it for 30 days at this URL.
So, without further ado, here's the chart of MS patches for this month.
Patch data provided by:
Product Version Affected
Date Released by Vendor
Severity / Our Recommendation
Adobe Flash Player
18.104.22.168 and earlier
22.214.171.1243 and earlier
126.96.36.199 and earlier
Arbitrary Code Execution
Critical: Priority 1/ Upgrade as soon as possible
188.8.131.52 and earlier
Critical: Priority 3/ Update at admin’s discretion
Update 7 and earlier
Update 18 and earlier
Arbitrary Code Execution, Spoofing
Important: Priority 2/ Update within 30 days
Win/Mac DC Continuous 15.010.20060 and earlier
Win/Mac DC Classic 15.006.30121
11.0.15 and earlier
Arbitrary Code Execution, Denial of Service, Information Disclosure
Critical: Priority 2/ Update within 30 days
Update as soon as possible
Update at admin’s discretion
Denial of Service, Security Bypass, Information Disclosure, Spoofing
Before 46/ESR 45.1
Arbitrary Code Execution, Denial of Service, Security Bypass, Cross Site Scripting, Information Disclosure
Arbitrary Code Execution, Denial of Service