Welcome to this May Patch Monday Bulletin. This month there are patches from Adobe, Apple, Google, and Mozilla. The good news this month is that there are no known attacks on products that have updates available. Adobe published an out of band update for Premiere Rush, Premiere Pro, Audition, and Character Animator. Of those products, Character Animator is the only one with a critical vulnerability. These products are all listed as priority 3 due to the fact they are not traditionally targeted by attackers but this also means that they may not be managed to the same level as widely used Adobe products. Take time this month to see if these products are being used in the environment and update as necessary. Adobe released updates for Acrobat/Reader and DNG SDK during the normal release date. Acrobat/Reader is a Critical Priority 2 update so it should be prioritized appropriately. In late April Adobe released out of band critical updates for Magento, Illustrator, and Bridge. Pay special attention to Magento since that is the only Priority 2 update. Chrome and Firefox should be reviewed next since numerous vulnerabilities are fixed and browsers are typically great targets for attackers. Thunderbird has numerous vulnerabilities but as usual these vulnerabilities are mitigated due to the fact that scripting is disabled. Interesting to note this month, Apple released updates for iTunes for Windows but there are no details available.

Over the years we've had millions of visitors to UltimateWindowsSecurity.com. Every month we have thousands and thousands of visitors to our Security Log Encyclopedia which documents all of the Security Log event ID’s for Windows Server OS’s. Back in 2007 when SharePoint added auditing capability, I realized that my audience not only needed the event information from SharePoint but I also found a similar need in SQL Server and Exchange. So not only did I document the data but I also started to develop the means to extract that event data from these applications so that it’s accessible and useable to the end user. Some 8 years later and LOGbinder is continuing to grow as companies realize LOGbinder bridges the gap between these applications and their infosec team. Visit LOGbinder.com to download a free 30-day fully functional trial and see the security event data that you have literally been missing.

So, without further ado, here’s the chart of non-MS patches this month.