Webinar Library
Welcome to this October Patch Monday Bulletin. This month we have patches from Adobe, Apple, Google, Mozilla, and Java. Good news, there were no reported attacks on vulnerabilities listed in this bulletin. This month Chrome, Firefox, and Java appear to be the highest priorities based on quantity of vulnerabilities and prevalence of attacks in the past. Normally, Adobe Flash would be one of the top priorities but this month it is optional since the update is for features and performance only. Evaluate the remaining Adobe products for updates this month and pay close attention to Acrobat/Reader and Experience Manager since they are priority 2. Finally, review the environment for iCloud and Thunderbird installations and update accordingly
Over the years we've had millions of visitors to UltimateWindowsSecurity.com. Every month we have thousands and thousands of visitors to our Security Log Encyclopedia which documents all of the Security Log event ID’s for Windows Server OS’s. Back in 2007 when SharePoint added auditing capability, I realized that my audience not only needed the event information from SharePoint but I also found a similar need in SQL Server and Exchange. So not only did I document the data but I also started to develop the means to extract that event data from these applications so that it’s accessible and useable to the end user. Some 8 years later and LOGbinder is continuing to grow as companies realize LOGbinder bridges the gap between these applications and their infosec team. Visit LOGbinder.com to download a free 30-day fully functional trial and see the security event data that you have literally been missing.
So, without further ado, here’s the chart of non-MS patches that affect Windows platforms in the past month.
Patch data provided by:
Identifier
Vendor/Product
Product Version Affected
Date Released by Vendor
Vulnerability Info
Vendor Severity / Our Recommendation
CVE-2018-15976
Adobe Technical Communications Suite
1.0.5.1 and below
10/9/2018
Privilege Escalation
Important Priority 3: Update at admin’s discretion
CVE-2018-15974
Adobe Framemaker
Multiple CVE’s
Adobe Experience Manager
6.0, 6.1, 6.2, 6.3, 6.4
Cross Site Scripting
Important Priority 2: Update within 30 days
Adobe Digital Editions
4.5.8 and below
Arbitrary Code Execution, Information Disclosure
Critical Priority 3: Update at admin’s discretion
APSB18-35
Adobe Flash Player
31.0.0.108 and earlier versions
None
Priority 3: Update at admin’s discretion
Adobe Acrobat and Reader
Continuous 2018.011.20063 and earlier versions
Classic 2017 2017.011.30102 and earlier versions
Classic 2015 2015.006.30452 and earlier versions
10/1/2018
Arbitrary Code Execution, Information Disclosure, Privilege Escalation
Critical Priority 2: Update within 30 days
iCloud for Windows
Before 7.7
10/8/2018
Update after testing
Google Chrome
Before 70.0.3538.67
10/16/2018
Security Bypass, Remote Code Execution, Spoofing, Information Disclosure, Denial of Service
Mozilla Thunderbird
Before Thunderbird 60.2.1
10/4/2018
Denial of Service, Security Bypass, Information Disclosure
Mozilla Firefox
Before Firefox 62.0.3/ESR 60.2.2
10/2/2018
Oracle Java
6u201, 7u191, 8u181, 11
Denial of Service, Security Bypass, Java Takeover, Information Disclosure
We will not share your address. Unsubscribe anytime. By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us.