Patching in Review – Week 23 of 2019
Brian Secrist
As we brace ourselves for another Patch Tuesday in the wake of BlueKeep, we all hope for a quiet cycle next week. No matter what the week brings, make sure to tune into our June Webinar on Wednesday to get the latest news on this month’s patches.
While BlueKeep has been the headliner for the month, an older Microsoft Office vulnerability is still being exploited in the wild. According to ZDNet, CVE-2017-11882 is being targeted again through a new phishing campaign. This vulnerability can be exploited through RTF files were embedded code downloads a trojan to open a backdoor in the system. Only unpatched machines should be vulnerable here as patches for Office 2007 – 2016 were released November 2017. While it has been relatively quiet on an active attack against BlueKeep, it is just a matter of time before the same campaigns start ramping up so make sure to get your endpoints secure to the next campaign.
Security Updates
Following a recent pattern, Google released a new major version of their Chrome browser this week. Google Chrome 75.0.3770.80 released this week with a total of 42 security fixes and 13 assigned CVEs. The two higher profile vulnerabilities are CVE-2019-5828 and CVE-2019-5829 which detail two different use after free flaws that could allow an attacker to execute arbitrary code on the endpoint.
Third-Party Updates
Our other supported vendors have been busy this week with non-security fixes for the software below. Make sure to include notable titles in your upcoming patching cycle as they may contain valuable stability fixes.
|
Software Title |
Ivanti ID |
Ivanti KB |
|
Blue Jeans 2.13.312.0 |
JEANS-017 |
QBJN2133120 |
|
CCleaner 5.58.7209 |
CCLEAN-080 |
QCCLEAN5587209 |
|
DropBox 74.4.115 |
DROPBOX-110 |
QDROPBOX744115 |
|
Firefox 67.0.1 |
FF19-012 |
QFF6701 |
|
Google Backup and Sync 3.44.4943.6228 |
GSYNC-018 |
QGBS34449436228 |
|
KeePass Pro 2.42.1 |
KEEP-032 |
QKPP2421 |
|
Opera 60.0.3255.151 |
OPERA-216 |
QOP6003255151 |
|
RealTimes RealPlayer 18.1.17.202 |
RP18-018 |
QRP18117202 |
|
Snagit 2019.1.2 |
SNAG-025 |
QSNAG1912 |
|
Splunk Universal Forwarder 7.3.0 |
SPLUNKF-038 |
QSPLUNKF730 |
|
TeamViewer 14.3.4730 |
TVIEW-049 |
QTVIEW1434730 |
