Patch Analysis for June 2017

Welcome to this June Patch Monday bulletin. This month delivers patches from Adobe, Google, and Mozilla. There have been zero reports of actively attacked vulnerabilities from this bulletin. Take a look at Adobe Flash first thing this month since Flash is a top target for attacks and suffers several potentially exploitable code execution vulnerabilities. Follow up with Chrome and Firefox due to their prevalence in most environments and the quantity of vulnerabilities that are remediated this month. Shockwave is another commonly attacked platform and it suffers from a memory corruption vulnerability that could lead to remote code execution. Review your environment for Adobe Captivate, Adobe Digital Editions, or Mozilla Thunderbird and patch accordingly.

Modern Authentication is Stronger without Pummeling the User

Authentication has gotten very complex, and I see some organizations making significant investments in authentication:

  • Without addressing the real risks and current attack scenarios
  • Compromising the project by not taking into account user adoption
  • Only solving part of the problem, such as access to specific cloud applications or on-premises resources

Don’t work on another authentication project without considering the big picture and taking a comprehensive, strategic approach.

Please register now for my next real-training for free session on modern authentication.

Patch data provided by:

| Identifier | Vendor/Product | Product Version Affected | Date Released by Vendor | Vulnerability Info | Vendor Severity / Our Recommendation |
|---|---|---|---|---|---|
| Multiple CVEs | Adobe Flash Player | Win/Mac/Linux 25.0.0.171 and earlier | 6/13/2017 | Arbitrary Code Execution | Critical Priority 1: Update within 72 hours |
| CVE-2017-3086 | Adobe Shockwave Player | 12.2.8.198 and earlier | 6/13/2017 | Arbitrary Code Execution | Critical Priority 2: Update within 30 days |
| Multiple CVEs | Adobe Captivate | 9 and earlier | 6/13/2017 | Arbitrary Code Execution, Information Disclosure | Critical Priority 3: Update at admin’s discretion |
| Multiple CVEs | Adobe Digital Editions | 4.5.4 and earlier versions | 6/13/2017 | Arbitrary Code Execution, Escalation of Privileges, Information Disclosure | Important Priority 3: Update at admin’s discretion |
| Multiple CVEs | Google Chrome | Before 59.0.3071.109 | 6/20/2017 | Security Bypass, Information Disclosure, Spoofing | Update as soon as possible |
| Multiple CVEs | Mozilla Firefox | Before 54/ESR 52.2 | 6/13/2017 | Denial of Service, Information Disclosure, Arbitrary Code Execution, Privilege Escalation, Spoofing | Update as soon as possible |
| Multiple CVEs | Mozilla Thunderbird | Before 52.2 | 6/14/2017 | Denial of Service, Information Disclosure | Update as soon as possible |
