Patch Tuesday – Zero Days and Plenty of Fixes

Please take a moment to review these reference articles, evaluate your environments and patch accordingly.  Be aware that several vulnerabilities addressed in this round of Patch Tuesday updates have potentially active exploits in the wild.

https://www.infosecurity-magazine.com/news/two-zerodays-fixed-in-this-months/

https://nakedsecurity.sophos.com/2019/07/10/two-zero-days-and-15-critical-flaws-fixed-in-julys-patch-tuesday/

https://krebsonsecurity.com/2019/07/patch-tuesday-lowdown-july-2019-edition/

Microsoft’s June 2019 Patch Tuesday fixes many of SandboxEscaper’s zero-days

It’s that time again when we all get to evaluate our PC and server environments and kick off our monthly patching processes.  Please take a look at the changes this month and patch accordingly.  And please don’t forget your at-home devices.  Patching is not just a business process.  All computers and workstations and laptops need to be patched and updated on a regular basis.

https://www.zdnet.com/article/microsofts-june-2019-patch-tuesday-fixes-many-of-sandboxescapers-zero-days/

https://krebsonsecurity.com/2019/06/microsoft-patch-tuesday-june-2019-edition/

The Highs and Lows of Patch Tuesday

We face quite a bit of patching work this week.  Microsoft has released numerous patches addressing multiple vulnerabilities including some fairly serious issues with DHCP.  Cisco has released several patches including a specific patch addressing a “default password” vulnerability in CSPC – the platform collector for device management.  Adobe has also released multiple patches across their application suites including some patches specific to Photoshop.  To pile on a little more, WordPress has released patching in version 5.1.1 to address possible unauthenticated code execution flaws.

All of these updates and patches come on the heels of the recent Google Chrome update that so many had to address immediately due to “in the wild” exploits.

Please review your environments, including your third party applications and web server platforms, and patch accordingly.

https://www.securityweek.com/adobe-patches-flaws-sandbox-photoshop-digital-editions

https://nakedsecurity.sophos.com/2019/03/14/update-now-microsofts-march-2019-patch-tuesday-is-here/

https://www.securityweek.com/wordpress-511-patches-remote-code-execution-vulnerability

https://threatpost.com/cisco-patches-critical-default-password-bug/142814/

Microsoft begins re-releasing Windows 10 October update after fixing file deletion bug

For those of you that did not see the news earlier in the week, Microsoft was forced to pull the Windows 10 update released for October due to an expected data loss issue.  Microsoft has since fixed that update and re-released it for beta tester verification.  Please continue to monitor this process to ensure you safely patch your Windows 10 environments.

https://www.theverge.com/2018/10/9/17957506/microsoft-windows-10-october-2018-update-data-deletion-fix

Patch Tuesday Excitement!

Patch Tuesday has come and gone and our friends at Microsoft and Adobe have left goodies for all the good little sysadmins.  Please take a moment and review your environments and patch accordingly.

https://krebsonsecurity.com/2018/03/flash-windows-users-its-time-to-patch/

https://threatpost.com/microsoft-patches-15-critical-bugs-in-march-patch-tuesday-update/130424/

https://www.infosecurity-magazine.com/news/microsoft-releases-more/

Emergency Patches, Patch Tuesday and the Great Anti-Virus Compatibility Challenge

Several (50+) patches were released by Microsoft yesterday as part of their patching cycle for January.  Add to these out-of-band emergency patches designed to mitigate and/or resolve the vulnerabilities associated with Meltdown and Spectre, and sysadmins and security admins around the world are incredibly busy this week.

Complicating matters is the challenge of verifying your anti-virus and anti-malware software is compatible with Microsoft’s emergency patches, specifically in terms of the needed registry flags.

Take a moment and familiarize yourself with the updates from Microsoft, Adobe and others and patch accordingly once your testing is complete.

https://threatpost.com/microsoft-january-patch-tuesday-update-fixes-16-critical-bugs/129378/

https://www.infosecurity-magazine.com/news/patch-tuesday-more-work-for-admins/

https://threatpost.com/anti-virus-updates-required-ahead-of-microsofts-meltdown-spectre-patches/129371/