October, 2018: Patch Monday: October Quarterly Oracle Critical Patch Update

Welcome to this October Patch Monday Bulletin. This month we have patches from Adobe, Apple, Google, Mozilla, and Java. The good news: there were no reported attacks on the vulnerabilities listed in this bulletin. This month Chrome, Firefox, and Java appear to be the highest priorities, based on the quantity of vulnerabilities and the prevalence of attacks in the past. Normally, Adobe Flash would be one of the top priorities, but this month it is optional since the update is for features and performance only. Evaluate the remaining Adobe products for updates this month and pay close attention to Acrobat/Reader and Experience Manager, since they are priority 2. Finally, review the environment for iCloud and Thunderbird installations and update accordingly.

Over the years we've had millions of visitors to UltimateWindowsSecurity.com. Every month we have thousands and thousands of visitors to our Security Log Encyclopedia, which documents all of the Security Log event IDs for Windows Server OSes. Back in 2007, when SharePoint added auditing capability, I realized that my audience not only needed the event information from SharePoint, but I also found a similar need in SQL Server and Exchange. So not only did I document the data, but I also started to develop the means to extract that event data from these applications so that it’s accessible and usable to the end user. Some 8 years later, LOGbinder is continuing to grow as companies realize LOGbinder bridges the gap between these applications and their infosec team. Visit LOGbinder.com to download a free 30-day fully functional trial and see the security event data that you have literally been missing.

So, without further ado, here’s the chart of non-MS patches from the past month that affect Windows platforms.


| Identifier | Vendor/Product | Product Version Affected | Date Released by Vendor | Vulnerability Info | Vendor Severity / Our Recommendation |
|---|---|---|---|---|---|
| CVE-2018-15976 | Adobe Technical Communications Suite | 1.0.5.1 and below | 10/9/2018 | Privilege Escalation | Important Priority 3: Update at admin’s discretion |
| CVE-2018-15974 | Adobe FrameMaker | 1.0.5.1 and below | 10/9/2018 | Privilege Escalation | Important Priority 3: Update at admin’s discretion |
| Multiple CVEs | Adobe Experience Manager | 6.0, 6.1, 6.2, 6.3, 6.4 | 10/9/2018 | Cross Site Scripting | Important Priority 2: Update within 30 days |
| Multiple CVEs | Adobe Digital Editions | 4.5.8 and below | 10/9/2018 | Arbitrary Code Execution, Information Disclosure | Critical Priority 3: Update at admin’s discretion |
| APSB18-35 | Adobe Flash Player | 31.0.0.108 and earlier versions | 10/9/2018 | None | Priority 3: Update at admin’s discretion |
| Multiple CVEs | Adobe Acrobat and Reader | Continuous 2018.011.20063 and earlier versions; Classic 2017 2017.011.30102 and earlier versions; Classic 2015 2015.006.30452 and earlier versions | 10/1/2018 | Arbitrary Code Execution, Information Disclosure, Privilege Escalation | Critical Priority 2: Update within 30 days |
| Multiple CVEs | iCloud for Windows | Before 7.7 | 10/8/2018 | Arbitrary Code Execution, Information Disclosure | Update after testing |
| Multiple CVEs | Google Chrome | Before 70.0.3538.67 | 10/16/2018 | Security Bypass, Remote Code Execution, Spoofing, Information Disclosure, Denial of Service | Update after testing |
| Multiple CVEs | Mozilla Thunderbird | Before Thunderbird 60.2.1 | 10/4/2018 | Denial of Service, Security Bypass, Information Disclosure | Update after testing |
| Multiple CVEs | Mozilla Firefox | Before Firefox 62.0.3/ESR 60.2.2 | 10/2/2018 | Arbitrary Code Execution, Information Disclosure | Update after testing |
| Multiple CVEs | Oracle Java | 6u201, 7u191, 8u181, 11 | 10/16/2018 | Denial of Service, Security Bypass, Java Takeover, Information Disclosure | Update after testing |

