Tag: adobe | Qualys Blog

September Patch Tuesday – 79 Vulns, 17 Critical, Remote Desktop Client, SharePoint, Exploited PrivEsc

Posted by Jimmy Graham in The Laws of Vulnerabilities on September 10, 2019

This month’s Microsoft Patch Tuesday addresses 79 vulnerabilities with 17 of them labeled as Critical. Of the 17 Critical vulns, 8 are for scripting engines and browsers, 4 are for the Remote Desktop Client, and 3 are for SharePoint. In addition, Microsoft has again patched a critical vulnerability in LNK files, along with a vuln in Azure DevOps / TFS. Adobe has also released patches for Flash and Application Manager.

Update: Following Patch Tuesday, Microsoft updated the entries for CVE-2019-1214 and CVE-2019-1215 to remove the “exploited” label.

2 Comments
Permalink
Tags: adobe, microsoft, Patch Tuesday, security, vulnerabilities, vulnerability management

August 2019 Patch Tuesday – 93 Vulns, 29 Critical, 7 Remote Desktop Vulns, Hyper-V, DHCP, Adobe vulns

Posted by Jimmy Graham in The Laws of Vulnerabilities on August 13, 2019

Update Aug 13, 2019: Detect and Patch Windows Remote Desktop Vulnerabilities

This month’s Microsoft Patch Tuesday addresses 93 vulnerabilities with 29 of them labeled as Critical. Of the 29 Critical vulns, 10 are for scripting engines and browsers, 6 for Windows Graphics/Font Library, and 4 are for Office apps. In addition, Microsoft has patched 4 (!) Critical RCEs in Remote Desktop (plus 3 Important), 2 for Hyper-V, 2 in DHCP Client/Server, and one for LNK files. Adobe has also released a large number of patches covering multiple products.

2 Comments
Permalink
Tags: adobe, bluekeep, microsoft, patch, Patch Tuesday, RDP, security, seven monkeys, threats & worms, vulnerabilities

July 2019 Patch Tuesday – 77 Vulns, 15 Critical, DHCP RCE, Exploited PrivEsc, SQL, Adobe Vulns

Posted by Jimmy Graham in The Laws of Vulnerabilities on July 9, 2019

This month’s Microsoft Patch Tuesday addresses 77 vulnerabilities with 15 of them labeled as Critical. Of the 15 Critical vulns, 11 are for scripting engines and browsers, with the remaining four covering DHCP Server, GDI+, .NET Framework, and Azure DevOps Server / Team Foundation Server. In addition, Microsoft has released Important patches for two actively exploited privilege escalation vulnerabilities, as well as a SQL Server RCE. Microsoft also issued two advisories for Outlook on the web and Linux Kernel vulnerabilities. Adobe issued patches today for Bridge CC, Experience Manager, and Dreamweaver.

No Comments
Permalink
Tags: adobe, microsoft, patch, Patch Tuesday, security, vulnerabilities

June 2019 Patch Tuesday – 88 Vulns, 21 Critical, Hyper-V Escape, Adobe Vulns

Posted by Jimmy Graham in The Laws of Vulnerabilities on June 11, 2019

This month’s Microsoft Patch Tuesday addresses 88 vulnerabilities with 21 of them labeled as Critical. Of the 21 Critical vulns, 17 are for scripting engines and browsers, and 3 are potential hypervisor escapes in Hyper-V. The remaining vulnerability is an RCE in the Microsoft Speech API. Microsoft also issued guidance on Bluetooth Low Energy FIDO keys, HoloLens, and Microsoft Exchange. Adobe issues patches today for Flash, ColdFusion, and Campaign.

No Comments
Permalink
Tags: adobe, microsoft, patch, patch management, Patch Tuesday, security, vulnerabilities, vulnerability management

May 2019 Patch Tuesday – 79 Vulns, 22 Critical, RDP RCE, MDS Attacks, Adobe Vulns

Posted by Jimmy Graham in The Laws of Vulnerabilities on May 14, 2019

This month’s Microsoft Patch Tuesday addresses 79 vulnerabilities with 22 of them labeled as Critical. Of the 22 Critical vulns, 18 are for scripting engines and browsers. The remaining 4 are remote code execution (RCE) in Remote Desktop, DHCP Server, GDI+, and Word. Microsoft also released guidance on the recently disclosed Microarchitectural Data Sampling (MDS) techniques, known as ZombieLoad, Fallout, and RIDL. Adobe’s Patch Tuesday includes patches for vulnerabilities in Flash, Acrobat/Reader (83 vulnerabilities!) and Media Encoder.

UPDATE May 15: Microsoft has also issued Remote Desktop patches for Windows XP and Server 2003.

1 Comment
Permalink
Tags: adobe, microsoft, patch, Patch Tuesday, vulnerabilities, vulnerability management

April 2019 Patch Tuesday – 74 Vulns, 16 Critical, 2 Actively Attacked, 1 PoC Exploit, Adobe Vulns

Posted by Jimmy Graham in The Laws of Vulnerabilities on April 9, 2019

This month’s Patch Tuesday addresses 74 vulnerabilities, with 16 labeled as Critical. Eight of the Critical vulns are for scripting engines and browser components, impacting Microsoft browsers and Office, along with another 5 Critical vulns in MSXML. Two Critical remote code execution (RCE) vulnerabilities are patched in GDI+ and IOleCvt. Two privilege escalation vulns in Win32k are reported as Actively Attacked, while another in the Windows AppX Deployment Service has a public PoC exploit.

No Comments
Permalink
Tags: adobe, microsoft, patch, Patch Tuesday, security, vulnerabilities

March 2019 Patch Tuesday – 65 Vulns, 18 Critical, RCEs in DHCP Client, Adobe Vulns

Posted by Jimmy Graham in The Laws of Vulnerabilities on March 12, 2019

This month’s Patch Tuesday addresses 65 vulnerabilities, with 18 of them labeled as Critical. Thirteen of the Critical vulns are for scripting engines and browser components, impacting Microsoft browsers and Office. Three remote code execution (RCE) vulnerabilities are patched in the Windows DHCP Client, as well as an RCE vuln in Windows Deployment Services TFTP Server and Privilege Escalation in Microsoft Dynamics 365. Adobe’s release is light, with only two CVEs patched in Photoshop CC and Digital Editions.

1 Comment
Permalink
Tags: adobe, microsoft, Patch Tuesday, security, vulnerabilities

February 2019 Patch Tuesday – 74 Vulns, 20 Critical, Exchange 0-day, Adobe Vulns

Posted by Jimmy Graham in The Laws of Vulnerabilities on February 12, 2019

This month’s Patch Tuesday is very large, with 74 vulns being addressed of which 20 are labeled as critical. Fifteen of these critical vulns are in the Scripting Engine and browsers, with the remainder being GDI+, SharePoint, and DHCP. Microsoft also issued an Advisory for an Exchange 0-day, along with a patch for one of the two reported vulns. Adobe also released updates for Acrobat/Reader, Flash, Coldfusion, and Creative Cloud.

No Comments
Permalink
Tags: 0 day, adobe, flash, microsoft, Patch Tuesday, security, vulnerabilities

January 2019 Patch Tuesday – 47 Vulns, 7 Critical, Adobe Vulns

Posted by Jimmy Graham in The Laws of Vulnerabilities on January 8, 2019

This month’s Patch Tuesday is medium in size, with 47 vulns covered and only 7 labeled as Critical. Twenty-six of the vulns apply to Windows Servers and Workstation operating systems. Two of the Criticals apply to Hyper-V and could lead to RCE on the host system. Microsoft also issued and out-of-band patch in December for Internet Explorer 9 through 11 due to active attacks in the wild. Last week, Adobe also released out-of-band patches for Acrobat and Reader covering two Critical vulns.

1 Comment
Permalink
Tags: adobe, microsoft, patch, Patch Tuesday, vulnerabilities, vulnerability management

November 2018 Patch Tuesday – 62 Vulns, TFTP Server RCE, Adobe PoC

Posted by Jimmy Graham in The Laws of Vulnerabilities on November 13, 2018

This month’s Patch Tuesday addresses 62 vulnerabilities, with 12 of them labeled as Critical. Out of the Criticals, 8 are for the Chakra Scripting Engine used by Microsoft Edge. A Remote Code Execution vulnerability in Windows Deployment Services’ TFTP server is also addressed in this release. Adobe also patched three Important vulnerabilities this month, although there is a PoC exploit available for Adobe Acrobat and Reader.

No Comments
Permalink
Tags: adobe, microsoft, patch, Patch Tuesday, security, vulnerabilities, vulnerability management

All Posts