The Highs and Lows of Patch Tuesday

We face quite a bit of patching work this week.  Microsoft has released numerous patches addressing multiple vulnerabilities including some fairly serious issues with DHCP.  Cisco has released several patches including a specific patch addressing a “default password” vulnerability in CSPC – the platform collector for device management.  Adobe has also released multiple patches across their application suites including some patches specific to Photoshop.  To pile on a little more, WordPress has released patching in version 5.1.1 to address possible unauthenticated code execution flaws.

All of these updates and patches come on the heels of the recent Google Chrome update that so many had to address immediately due to “in the wild” exploits.

Please review your environments, including your third party applications and web server platforms, and patch accordingly.

https://www.securityweek.com/adobe-patches-flaws-sandbox-photoshop-digital-editions

https://nakedsecurity.sophos.com/2019/03/14/update-now-microsofts-march-2019-patch-tuesday-is-here/

https://www.securityweek.com/wordpress-511-patches-remote-code-execution-vulnerability

https://threatpost.com/cisco-patches-critical-default-password-bug/142814/

Adobe patches the same critical Reader flaw twice in one week

As the article author states, it has been an embarrassing few days for Adobe and their patch process.  Though we like to poke fun at Adobe and we often whine about the ongoing parade of vulnerabilities, do not get lulled into a state where patches are missed and systems are left vulnerable.  Please review your environment and patch accordingly.

https://nakedsecurity.sophos.com/2019/02/25/adobe-patches-the-same-critical-reader-flaw-twice-in-one-week/

Adobe Flash Zero-Day Spreads via Office Docs

The ongoing battle against the exploitation of Adobe Flash continues.  This is but the latest in a long line of flaws and vulnerabilities to plague Flash and its brothers and sisters in the Adobe family of products.  Please review your environments and patch accordingly.  Also, take the time to educate your users to the nature of this particular exploit.

https://www.darkreading.com/threat-intelligence/adobe-flash-zero-day-spreads-via-office-docs/d/d-id/1333429

Patch Tuesday Excitement!

Patch Tuesday has come and gone and our friends at Microsoft and Adobe have left goodies for all the good little sysadmins.  Please take a moment and review your environments and patch accordingly.

https://krebsonsecurity.com/2018/03/flash-windows-users-its-time-to-patch/

https://threatpost.com/microsoft-patches-15-critical-bugs-in-march-patch-tuesday-update/130424/

https://www.infosecurity-magazine.com/news/microsoft-releases-more/

Adobe, Microsoft Patch Critical Cracks

Patch Tuesday has come and gone and there are several new Microsoft and Adobe patches that warrant our attention.  Most interesting is probably the Microsoft Office vulnerability that was 17 years in the making.  I remain astonished that a bug existed in the wild for 17 years undetected.

Please review all of your relevant systems and platforms and patch accordingly.

https://krebsonsecurity.com/2017/11/adobe-microsoft-patch-critical-cracks/

https://threatpost.com/microsoft-patches-17-year-old-office-bug/128904/