May, 2017: Patch Monday: Easy Month and no Attacks

Welcome to this May Patch Monday bulletin. This month delivers patches from Adobe, Apple, Google and Mozilla. The good news this month is that there are no reports of the listed vulnerabilities being attacked in the wild. Take a look at Adobe Flash and your prevalent browsers like Chrome or Firefox. These will be the most impactful targets In the event an exploit is developed for one of the patched vulnerabilities. Follow up with iCloud/iTunes for Windows and Adobe Experience if those are used in the environment. A good question to ask yourself is whether you can accurately determine what is being used in the environment. This can be a difficult but critical question when trying to reduce exposure from unpatched software especially when users can install software themselves.

LOGbinder:Feed your SIEM a High Nutrition Diet

To achieve compliance and to stop APTs, your security analysts need to see what's happening in your applications and on your endpoints Unleash the power of native Windows Event Collection with Supercharger and track every endpoint with no agents, no polling and no noise. Put application audit logs where they belong – in your SIEM. Then correlate application security intelligence with the rest of your security activity. But getting application audit logs into your SIEM is surprisingly difficult. LOGbinder bridges the gap for a growing number of applications.

So, without further ado, here's the chart of non-MS patches that affect Windows platforms in the past month.

Patch data provided by:

 

Identifier

Vendor/Product

Product Version Affected

Date Released by Vendor

Vulnerability Info

Vendor
Severity / Our Recommendation

Multiple CVE’s

Adobe Flash

Win/Linux 25.0.0.148 and earlier

Mac

25.0.0.163 and earlier

5/9/2017

Arbitrary Code Execution

Critical Priority 1: Update within 72 hours

CVE-2017-3067

Adobe Experience Manager Forms

6.0, 6.1, 6.2

5/9/2017

Information Disclosure

Important Priority 2: Update within 30 days

CVE-2017-2530

iCloud for Windows

Before 6.2.1

5/15/2017

Arbitrary Code Execution

Update after testing

CVE-2017-6984

iTunes for Windows

Before 12.6.1

5/15/2017

Arbitrary Code Execution

Update after testing

CVE-2017-5068

Google Chrome

Before 58.0.3029.96

5/9/2017

Race Condition

Update after testing

CVE-2017-5031

Mozilla Firefox

Before 53.0.2/ESR 52.1.1

5/5/2017

Denial of Service

Update after testing


Send me this chart next Patch Tuesday.
Email:
We will not share your address. Unsubscribe anytime.