Patching in Review – Week 29 of 2019
If you thought Patch Tuesday was over, you’re sorely mistaken! With Oracle’s quarterly security release alongside a security update for Google Chrome, the world of patching never sleeps.
Although not on the Windows platform, Zoom for Mac has been in the spotlight this week with numerous glaring security holes. TheHackerNews has been covering this developing story in detail.
First, on July 9th, it was found that Zoom runs a local web server that can be exploited by any website, allowing an attacker to enable the webcam. Apple worked closely with Zoom to release a macOS update a day later to effectively block the web server. Next, on July 13th, an additional Remote Code Execution vulnerability was found in the same software, where the endpoint receives commands remotely through the Zoom client. Finally, two rebranded versions of Zoom are also vulnerable. Although it concerns macOS rather than Windows, this is a fascinating story about the importance of transparency and the value of security researchers.
Security Releases
Oracle released its quarterly Critical Patch Update this week, with a total of 319 vulnerabilities. For Windows, Java SE was released with a total of 10 CVEs remediated. This is the first Java SE release that adheres to the new License Agreement for commercial use, so make it a point to ensure your compliance. VirtualBox 5.2.32 and 6.0.10 were released with Oracle’s July CPU as well, covering a total of 14 vulnerabilities, the most severe of which has a CVSSv3 score of 8.8.
Google released Chrome 75.0.3770.142, which contains two security fixes. The first, CVE-2019-5847, is an error related to V8 that could be exploited to crash the application. The second, CVE-2019-5848, is an exfiltration exploit related to font sizes.
Third-Party Updates
Although the updates above take priority, other vendors have been releasing non-security updates for their software. See the list below to add these to your next cycle:
| Software Title | Ivanti ID | Ivanti KB |
|---|---|---|
| Azure Information Protection Client 1.53.10.0 | AIPC-009 | QAIPC153100 |
| Blue Jeans 2.14.452.0 | JEANS-020 | QBJN2144520 |
| CCleaner 5.60.7307 | CCLEAN-082 | QCCLEAN5607307 |
| DropBox 77.4.131 | DROPBOX-114 | QDROPBOX774131 |
| GoodSync 10.10.1 | GOODSYNC-124 | QGS101011 |
| Opera 62.0.3331.72 | OPERA-221 | QOP620333172 |
| Paint.net 4.2.0 | PDN-010 | QPDN420 |
| Plex Media Player 2.37.2 | PLXP-041 | QPLXP2372 |
| Plex Media Server 1.16.2.1297 | PLXS-039 | QPLXS11621297 |
| Zoom Client 4.4.55389 | ZOOM-026 | QZOOM4455389 |