We face quite a bit of patching work this week. Microsoft has released numerous patches addressing multiple vulnerabilities including some fairly serious issues with DHCP. Cisco has released several patches including a specific patch addressing a “default password” vulnerability in CSPC – the platform collector for device management. Adobe has also released multiple patches across their application suites including some patches specific to Photoshop. To pile on a little more, WordPress has released patching in version 5.1.1 to address possible unauthenticated code execution flaws.
All of these updates and patches come on the heels of the recent Google Chrome update that so many had to address immediately due to “in the wild” exploits.
Please review your environments, including your third party applications and web server platforms, and patch accordingly.
As the article author states, it has been an embarrassing few days for Adobe and their patch process. Though we like to poke fun at Adobe and we often whine about the ongoing parade of vulnerabilities, do not get lulled into a state where patches are missed and systems are left vulnerable. Please review your environment and patch accordingly.
There are plenty of issues to address with this most recent batch of patches and updates from Microsoft, Adobe and others. Review your environments and please patch accordingly.
The ongoing battle against the exploitation of Adobe Flash continues. This is but the latest in a long line of flaws and vulnerabilities to plague Flash and its brothers and sisters in the Adobe family of products. Please review your environments and patch accordingly. Also, take the time to educate your users to the nature of this particular exploit.
Please review your Flash deployments if any remain and be prepared to remediate as soon as a patch is available. Flash honestly cannot disappear/die soon enough for the sake of end user security.
Patch Tuesday has come and gone and there are several new Microsoft and Adobe patches that warrant our attention. Most interesting is probably the Microsoft Office vulnerability that was 17 years in the making. I remain astonished that a bug existed in the wild for 17 years undetected.
Please review all of your relevant systems and platforms and patch accordingly.