Staying on top of software security updates

Feb 2017

One of the hassles of managing a corporate software catalog is the array of security updates from vendor applications or the dependency framework software they rely on. We’d like to help out by keeping you up to date about some of the main ones that may be of interest.

Check them out below.

 


 

Adobe Flashplayer

Release date: January 10, 2017
Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS.  These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

Affected Versions:

adobe flashplayer
Product Affected Versions Platform
Adobe Flash Player
Desktop Runtime
24.0.0.186 and earlier Windows, Macintosh and Linux
Adobe Flash Player for Google Chrome 24.0.0.186 and earlier Windows, Macintosh, Linux and Chrome OS
Adobe Flash Player for Microsoft Edge and Internet Explorer 11 24.0.0.186 and earlier Windows 10 and 8.1

mozillafirefoxlogo

Mozilla Firefox 50.1

Release date: December 13 2016
Mozilla has released a critical update to the Mozilla Firefox web browser to fix security vulnerabilities that can be used ti run attacker code and install software requiring no user interaction beyond normal browsing.


Adobe Acrobat & Reader

Release date: January 5, 2017

adobe-acrobat-dc-–-pdf-reader-41-535x535

Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address critical vulnerabilities that could potentially
allow an attacker to take control of the affected system.

Product Track Affected Versions Platform
Acrobat DC Continuous 15.020.20042 and earlier versions Windows and Macintosh
Acrobat Reader DC Continuous 15.020.20042 and earlier versions Windows and Macintosh
Acrobat DC Classic 15.006.30244 and earlier versions Windows and Macintosh
Acrobat Reader DC Classic 15.006.30244 and earlier versions Windows and Macintosh
Acrobat XI Desktop 11.0.18 and earlier versions Windows and Macintosh
Reader XI Desktop 11.0.18 and earlier versions Windows and Macintosh

Microsoft-logo-m-box-880x660

Microsoft Security Bulletin Summary – Jan 2017

Release date:  January 10 2017
Microsoft has released its January bulletin update for 2017. It highlights important and critical level updates fro the following software, Microsoft Edge, Microsoft Office 2016, Flashplayer to coincide with Adobe alerts, and the Local Security Authority subsystem service (LSASS).

Check out Microsoft’s security bulletin page for more details.

 


Apple End support for Quicktime 7 for Windows; New vulnerabilities announced.

Release Date: April 14th 2016

update-quicktime
An older alert but one that some organisations may not be aware of. This version of software could have also been distributed as part of freeware bundling with ad-hoc installations. We’re putting the word out that everyone should follow Apple’s guidance and uninstall QuickTime for Windows as soon as possible.

This is for two reasons.

First, Apple is deprecating QuickTime for Microsoft Windows, two vulnerabilities found that can expose computers to elevated cybersecurity dangers. They will no longer be issuing security updates for the product on the Windows Platform and recommend users uninstall it. Note that this does not apply to QuickTime on Mac OSX.


Oracle Java SE / Runtime

Release date: January 17th 2017
This Critical Patch Update contains 17 new security fixes for Oracle Java SE.  16 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.

The highest CVSS Base Score of vulnerabilities affecting Oracle Java SE is 9.6

The Oracle Java SE components affected by vulnerabilities that are fixed in this Critical Patch Update are:

  • Java SE version(s) 6u131, 7u121, 8u112
  • Java SE Embedded version(s) 8u111
  • JRockit, version(s) R28.3.12

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *