Randy Franklin Smith's Ultimate Windows Security

Upcoming Webinars

Using Lessons Learned from Noteworthy Vulnerabilities to Protect Your Organization Against Them
Preventing and Detecting Modern PowerShell Attacks – MITRE ATT&CK T1059.001
Tier Zero: What It Is, Its Importance, Its Boundaries, and Detecting Out-of-Bounds Activity

Webinar Library

Latest Blogs

Recent Security Features in Active Directory You Probably Aren't Using

Active Directory security features you probably aren’t using and more in my sessions at The Experts Conference 2019

How to Detect Pass-the-Hash Attacks Blog Series

Come meet Randy in Orlando at Microsoft Ignite at Quest's Booth #1818

Detecting Pass-the-Hash with Honeypots

Catch Malware Hiding in WMI with Sysmon

For of all sad words of tongue or pen, the saddest are these: 'We weren’t logging’

Experimenting with Windows Security: Controls for Enforcing Policies

Sysmon Event IDs 1, 6, 7 Report All the Binary Code Executing on Your Network

Yet Another Ransomware Can That Can be Immediately Detected with Process Tracking on Workstations

Top Resources

Security Log

Additional Resources

May, 2022: Patch Monda: Unexpected Patches from Oracle and Mozilla

Welcome to this May Patch Monday Bulletin. We have our fair share of 3rd party patches to address this past month. Let's start with some high priority patches. Oracle normally releases their security updates quarterly. On May 19th they released a "Security Alert Advisory" for CVE-2022-21500. Normally we report on the end user products of Oracle, such as Java, but since Oracle "strongly recommends that customers apply the updates" as soon as possible, we wanted to include it this month. Although it's CVSS score is only 7.5, it is remotely exploitable without authentication, so we thought you should be made aware of it. Next is a critical update released by Mozilla after their normal mid-month patches on May 3rd. On May 20th they released a critical update for Firefox, ESR, Firefox for Android and Thunderbird. The update addresses two critical CVE's: CVE-2022-1802 and CVE-2022-1529. It updates software to the following versions: Firefox 100.0.2, Firefox for Android 100.0.3, Firefox ESR 91.9.1 and Thunderbird 91.9.1. Apple has also released updates for macOS Monterey, Big Sur and Catalina. Google has had a few updates over the past month for Chrome addressing 42 security fixes, 14 of which are rated "High" by Google. We recommend you review the chart below to determine if your environment contains any of the affected 3rd party products from this month.

Patch data provided by:
Identifier	Vendor/Product	Product Version Affected	Date Released by Vendor	Vulnerability Info	Vendor Severity / Our Recommendation
CVE-2022-28819	Adobe Character Animator	2021 4.4.2 and earlier 2022 22.3 and earlier	5/10/2022	Arbitrary Code Execution	Critical Priority 3: Update at admin's discretion
CVE-2022-28818	Adobe Cold Fusion	2018 Update 13 and earlier 2021 Version 3 and earlier	5/10/2022	Arbitrary Code Execution	Important Priority 2: Update at admin's discretion
Multiple CVE's	Adobe InDesign	17.1 and earlier	5/10/2022	Arbitrary Code Execution	Critical Priority 3: Update at admin's discretion
Multiple CVE's	Adobe Framemaker	2019 Release Update 8 and earlier 2020 Release Update 4 and earlier	5/10/2022	Arbitrary Code Execution Memory Leak	Critical Priority 3: Update at admin's discretion
Multiple CVE's	Adobe InCopy	17.1 and earlier	5/10/2022	Arbitrary Code Execution	Critical Priority 3: Update at admin's discretion
Multiple CVE's	Apple iOS/iPadOS	Before 15.5	5/16/2022	Race Condition, Arbitrary Code Execution, Memory Corruption Issue, Denial of Service, Security Feature Bypass, Use After Free	Update as soon as possible
Multiple CVE's	Apple macOS	Monterey before 12.4 Big Sur before 11.6.6 2022-004 Catalina Security Update	5/16/2022	Out of Bounds Read/Write, Out of Bounds Access, Arbitrary Code Execution, Logic Issue, Denial of Service, Security Feature Bypass	Update as soon as possible
Multiple CVE's	Apple Xcode	Before 13.4	5/16/2022	Elevation of Privilege, Logic Issue	Update after testing
Multiple CVE's	Apple Safari	Before 15.5	5/16/2022	Arbitrary Code Execution	Update after testing
Multiple CVE's	Google Chrome	Before 101.0.4951.67	5/12/2022	Use After Free, Buffer Overflow, Inappropriate Implementation, Type Confusion, Out of Bounds Memory Access	Update as soon as possible
Multiple CVE's	Mozilla Thunderbird	Before 91.9	5/3/2022	Incorrect Security Status, Spoofing, Privilege Escalation, Leaking Security Status, Improper Implementation, Arbitrary Code Execution	Update as soon as possible
Multiple CVE's	Mozilla Firefox	Before 100 Before ESR 91.9	5/3/2022	Spoofing, Privilege Escalation, Leaking Security Status, Improper Implementation, Arbitrary Code Execution	Update as soon as possible
Multiple CVE's	Opera	Before 87	5/17/2022	Use After Free, Buffer Overflow, Inappropriate Implementation, Type Confusion, Out of Bounds Memory Access	Update as soon as possible
CVE-2022-21500	Oracle	Oracle E-Business Suite 12.1/12.2	5/19/2022	Exposure of PII	Update as soon as possible

Send me this chart next Patch Tuesday.

Home

User name:
Password:
	/ Forgot?
	Register

May 2022 Patch Monday	"Patch Monda: Unexpected Patches from Oracle and Mozilla " - sponsored by Supercharger

Follow @randyfsmith

Home

Follow @randyfsmith

About | Newsletter | Contact

Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2022 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.