This week we can christen 2020 with our fist zero-day! Other patching news has been relatively quiet this week so let’s get to it.

To play a bit of catch up, I’m coming in with the whole month of January. Please see the other articles below to get prepared for February’s patch week!

Security Releases

The highest profile releases this week are awarded to Firefox with not just one, but two releases including a zero day! Firefox and Firefox ESR initially released under version 72.0 and 68.4.0, but the next day released 72.1 and 68.4.1. The actively exploited vulnerability, CVE-2019-17206, details a flaw in the IonMonkey JIT compiler where an attacker can execute code within the application sandbox. This update comes 7 months after the Mozilla’s last patch containing a pair of zero-day vulnerabilities.

Third-Party Updates

The second week of the year has proven to be far more active with a substantial list of non-security patches. Review the list below for any patches relevant to your environment.

Software Title

Ivanti ID

Ivanti KB

AIMP 4.60.2169

AIMP-200109

QAIMP4602169

BlueJeans 2.18.39.0

JEANS-200106

QBJN218390

Cumulative Update 1 for SQL Server 2019

SQL2019-CU01

Q4527376

Dropbox 88.4.172

DROPBOX-200107

QDROPBOX884172

Google Backup and Sync 3.47.8667.1399

GSYNC-200109

QGBS34786671399

Google Chrome 79.0.3945.117

CHROME-200107

QGC7903945117

Node.JS 10.18.1 (LTS Lower)

NOJSLL-200109

QNODEJSLL10181

Node.JS 12.14.1 (LTS Upper)

NOJSLU-200108

QNODEJSLU12141

Node.JS 13.6.0 (Current)

NOJSC-200108

QNODEJSC1360

Opera 66.0.3515.27

OPERA-200108

QOP660351527

PDF-Xchange PRO 8.0.336.0

PDFX-200107

QPDFX803360

Plex Media Player 2.48.0

PLXP-200108

QPLXP2480

Plex Media Server 1.18.4.2171

PLXS-200107

QPLXS11842171

Snagit 2020.1.0

SNAG20-200107

QSNAG2010

Thunderbird 68.4.1

THUNDERBIRD-200110

QTB6841