Happy New Year everyone! While we come into the new year, we already have new vulnerabilities to remediate that are detailed below. Also, with Patch Tuesday already coming up next week, make sure to register for our Patch Tuesday webinar for news and analysis of this month’s patches.

In the news, an attack with Ryuk ransomware has been attributed to disrupting the printing and delivery of multiple major newspapers in the US. BleepingComputer details the ransomware that is commonly delivered through phishing but could also be executed through insecure RDP connections. Ryuk ransomware came about in August 2018, where the ransomware was reported to make over $600,000 in bitcoin, but this most recent attack proves that it’s still out in force.

Security Releases

Adobe ushered in the new year with an out-of-band Acrobat release before Patch Tuesday. Adobe’s Security Bulletin, APSB19-02, remediates two vulnerabilities on all currently supported versions of Acorbat and Acrobat Reader. CVE-2018-16011 is a use-after-free vulnerability that can be exploited through a maliciously crafted PDF file that allows the attacker to run code under the user’s privileges. The second vulnerability identified as CVE-2018-19725 is a security bypass flaw that could result in privilege escalation, potentially leading to more serious attacks.

Speaking of PDFs, Foxit released updates to its Reader and PhantomPDF products. Version 9.4 includes a series of vulnerabilities in its security bulletin, but currently only three have a CVE classification. An additional 10 vulnerabilities are reserved under Trend Micro’s Zero Day initiative, but they have yet to be formally disclosed.

Third-Party Updates

Here are the other updates we released in our content this week. These updates might not have CVEs, but they may still have helpful stability fixes as well as undisclosed security fixes:

Software Title

Ivanti ID

Ivanti KB

Allway Sync 19.0.3

ALLSYNC-007

QALLSYNC1903

GoodSync 10.9.21.1

GOODSYNC-106

QGS109211

GoToMeeting 8.39.0

GOTOM-056

QGTM8390

Node.JS 10.15.0 (LTS Upper)

NOJSLU-004

QNODEJSLU10150

Node.JS 11.6.0 (Current)

NOJSC-005

QNODEJSC1160

Node.JS 6.16.0 (Maintain)

NOJSM-002

QNODEJSM6160

Node.JS 8.15.0 (LTS Lower)

NOJSLL-003

QNODEJSLL8150

Royal TS 5.00.61221.0

RTS5-001

QRTS50612210

Splunk Universal Forwarder 7.2.3

SPLUNKF-033

QSPLUNKF723

VLC Media Player 3.0.5

VLC-305

QVLC305

How Ivanti Endpoint Security Customers Can Achieve a 176% ROI Over 3 Years - DOWNLOAD THE STUDY