Feb 2017
One of the hassles of managing a corporate software catalog is the array of security updates from vendor applications or the dependency framework software they rely on. We’d like to help out by keeping you up to date about some of the main ones that may be of interest.
Check them out below.
Adobe Flashplayer
Affected Versions:
| Product | Affected Versions | Platform |
|---|---|---|
| Adobe Flash Player Desktop Runtime |
24.0.0.186 and earlier | Windows, Macintosh and Linux |
| Adobe Flash Player for Google Chrome | 24.0.0.186 and earlier | Windows, Macintosh, Linux and Chrome OS |
| Adobe Flash Player for Microsoft Edge and Internet Explorer 11 | 24.0.0.186 and earlier | Windows 10 and 8.1 |
Mozilla Firefox 50.1
Release date: December 13 2016
Mozilla has released a critical update to the Mozilla Firefox web browser to fix security vulnerabilities that can be used ti run attacker code and install software requiring no user interaction beyond normal browsing.
Adobe Acrobat & Reader
Release date: January 5, 2017
Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address critical vulnerabilities that could potentially
allow an attacker to take control of the affected system.
| Product | Track | Affected Versions | Platform |
|---|---|---|---|
| Acrobat DC | Continuous | 15.020.20042 and earlier versions | Windows and Macintosh |
| Acrobat Reader DC | Continuous | 15.020.20042 and earlier versions | Windows and Macintosh |
| Acrobat DC | Classic | 15.006.30244 and earlier versions | Windows and Macintosh |
| Acrobat Reader DC | Classic | 15.006.30244 and earlier versions | Windows and Macintosh |
| Acrobat XI | Desktop | 11.0.18 and earlier versions | Windows and Macintosh |
| Reader XI | Desktop | 11.0.18 and earlier versions | Windows and Macintosh |
Microsoft Security Bulletin Summary – Jan 2017
Release date: January 10 2017
Microsoft has released its January bulletin update for 2017. It highlights important and critical level updates fro the following software, Microsoft Edge, Microsoft Office 2016, Flashplayer to coincide with Adobe alerts, and the Local Security Authority subsystem service (LSASS).
Check out Microsoft’s security bulletin page for more details.
Apple End support for Quicktime 7 for Windows; New vulnerabilities announced.
Release Date: April 14th 2016
This is for two reasons.
First, Apple is deprecating QuickTime for Microsoft Windows, two vulnerabilities found that can expose computers to elevated cybersecurity dangers. They will no longer be issuing security updates for the product on the Windows Platform and recommend users uninstall it. Note that this does not apply to QuickTime on Mac OSX.
Oracle Java SE / Runtime
Release date: January 17th 2017
This Critical Patch Update contains 17 new security fixes for Oracle Java SE. 16 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.
The highest CVSS Base Score of vulnerabilities affecting Oracle Java SE is 9.6
The Oracle Java SE components affected by vulnerabilities that are fixed in this Critical Patch Update are:
- Java SE version(s) 6u131, 7u121, 8u112
- Java SE Embedded version(s) 8u111
- JRockit, version(s) R28.3.12