Patch Tuesday – September 2021 Edition

Microsoft and other vendors have released several important patches and updates this week that deserve our immediate attention. Both Apple and Microsoft have addressed zero-day vulnerabilities, and Microsoft has even released yet another attempted fix for the PrintNightmare vulnerability.

Enjoy these two articles for additional details:

https://www.infosecurity-magazine.com/news/microsoft-fixes-omigod-mshtml/

https://krebsonsecurity.com/2021/09/microsoft-patch-tuesday-september-2021-edition/

Patch Tuesday – Zero Days and Plenty of Fixes

Please take a moment to review these reference articles, evaluate your environments and patch accordingly.  Be aware that several vulnerabilities addressed in this round of Patch Tuesday updates have potentially active exploits in the wild.

https://www.infosecurity-magazine.com/news/two-zerodays-fixed-in-this-months/

https://nakedsecurity.sophos.com/2019/07/10/two-zero-days-and-15-critical-flaws-fixed-in-julys-patch-tuesday/

https://krebsonsecurity.com/2019/07/patch-tuesday-lowdown-july-2019-edition/

Microsoft’s June 2019 Patch Tuesday fixes many of SandboxEscaper’s zero-days

It’s that time again when we all get to evaluate our PC and server environments and kick off our monthly patching processes.  Please take a look at the changes this month and patch accordingly.  And please don’t forget your at-home devices.  Patching is not just a business process.  All computers and workstations and laptops need to be patched and updated on a regular basis.

https://www.zdnet.com/article/microsofts-june-2019-patch-tuesday-fixes-many-of-sandboxescapers-zero-days/

https://krebsonsecurity.com/2019/06/microsoft-patch-tuesday-june-2019-edition/

The Highs and Lows of Patch Tuesday

We face quite a bit of patching work this week. Microsoft has released numerous patches addressing multiple vulnerabilities, including some fairly serious issues with DHCP. Cisco has released several patches, including a specific patch addressing a “default password” vulnerability in CSPC – the platform collector for device management. Adobe has also released multiple patches across their application suites, including some patches specific to Photoshop. To pile on a little more, WordPress has released patches in version 5.1.1 to address possible unauthenticated code execution flaws.

All of these updates and patches come on the heels of the recent Google Chrome update that so many had to address immediately due to “in the wild” exploits.

Please review your environments, including your third-party applications and web server platforms, and patch accordingly.

https://www.securityweek.com/adobe-patches-flaws-sandbox-photoshop-digital-editions

https://nakedsecurity.sophos.com/2019/03/14/update-now-microsofts-march-2019-patch-tuesday-is-here/

https://www.securityweek.com/wordpress-511-patches-remote-code-execution-vulnerability

https://threatpost.com/cisco-patches-critical-default-password-bug/142814/

Microsoft begins re-releasing Windows 10 October update after fixing file deletion bug

For those of you who did not see the news earlier in the week, Microsoft was forced to pull the Windows 10 update released for October due to an expected data loss issue. Microsoft has since fixed that update and re-released it for beta tester verification. Please continue to monitor this process to ensure you safely patch your Windows 10 environments.

https://www.theverge.com/2018/10/9/17957506/microsoft-windows-10-october-2018-update-data-deletion-fix

Patch Tuesday Excitement!

Patch Tuesday has come and gone and our friends at Microsoft and Adobe have left goodies for all the good little sysadmins.  Please take a moment and review your environments and patch accordingly.

https://krebsonsecurity.com/2018/03/flash-windows-users-its-time-to-patch/

https://threatpost.com/microsoft-patches-15-critical-bugs-in-march-patch-tuesday-update/130424/

https://www.infosecurity-magazine.com/news/microsoft-releases-more/