Patching in Review – Week 36 of 2019
Brian Secrist
Is Patch Tuesday coming up so soon? It feels like we just had one! Make sure to register for our Patch Tuesday webinar if you haven’t already to get a detailed summary of Microsoft’s releases next week.
Microsoft finally released the mid-month non-security update for Windows 10 1903 under KB4512941. This patch came surprisingly late considering the high-profile bug around Visual Basic applications. The list of fixes is impressive, but it looks like a much more annoying bug is included. According to BornCity, a couple of issues around Search and RDP are causing high CPU usage, which has now been confirmed by Microsoft. Unfortunately, Microsoft’s expected ETA on a resolution is “mid-September” so there’s a high probability this bug will be present in September’s Patch Tuesday release.
Security Releases
Mozilla released a new major version of its Firefox browser this week with a total of 20 CVEs in the main release branch. CVE-2019-11751 stands out from the pack in this release where an exploit was found in the command line parameters. In the description, a user could click a malicious link that would launch Firefox and write a log file to an arbitrary location such as “Startup” for later execution. Aside from the CVEs, Firefox 69 contains two great new features, blocking third-party tracking cookies and cryptominers. It’s also worth noting that this is the end of Firefox ESR 60, so expect an upgrade to 68 in the next Firefox release! See the grid of CVEs and color-coded severities below for further details:
|
CVE-2019-11751 |
CVE-2019-11751 |
|
|
CVE-2019-11746 |
CVE-2019-11746 |
CVE-2019-11746 |
|
CVE-2019-11744 |
CVE-2019-11744 |
CVE-2019-11744 |
|
CVE-2019-11742 |
CVE-2019-11742 |
CVE-2019-11742 |
|
CVE-2019-11736 |
CVE-2019-11736 |
|
|
CVE-2019-11753 |
CVE-2019-11753 |
CVE-2019-11753 |
|
CVE-2019-11752 |
CVE-2019-11752 |
CVE-2019-11752 |
|
CVE-2019-9812 |
CVE-2019-9812 |
CVE-2019-9812 |
|
CVE-2019-11743 |
CVE-2019-11743 |
CVE-2019-11743 |
|
CVE-2019-11748 |
CVE-2019-11748 |
|
|
CVE-2019-11749 |
CVE-2019-11749 |
|
|
CVE-2019-5849 |
||
|
CVE-2019-11750 |
CVE-2019-11750 |
|
|
CVE-2019-11737 |
||
|
CVE-2019-11738 |
CVE-2019-11738 |
|
|
CVE-2019-11747 |
CVE-2019-11747 |
|
|
CVE-2019-11734 |
||
|
CVE-2019-11735 |
CVE-2019-11735 |
|
|
CVE-2019-11740 |
CVE-2019-11740 |
CVE-2019-11740 |
|
CVE-2019-11741 |
Third-Party Updates
As always, our other supported third-party vendors have been releasing non-security updates for their respective products. While these updates might not have CVEs, they may also contain valuable stability updates for your end users:
|
Software Title |
Ivanti ID |
Ivanti KB |
|
CoreFTP LE 2.2.1939 |
COREFTP-039 |
QCFTP221939 |
|
GoToMeeting 8.47.1 |
GOTOM-070 |
QGTM8471 |
|
LibreOffice 6.2.7.1 |
LIBRE-116 |
QLIBRE6271 |
|
LibreOffice 6.3.1.2 |
LIBRE-117 |
QLIBRE6312 |
|
Node.JS 12.10.0 (Current) |
NOJSC-023 |
QNODEJSC12100 |
|
Opera 63.0.3368.71 |
OPERA-227 |
QOP630336871 |
|
PeaZip 6.9.2 |
PZIP-019 |
QPZIP692 |
|
RealTimes RealPlayer 18.1.18.202 |
RP18-019 |
QRP18118202 |
|
VirtualBox 6.0.12 |
OVB-026 |
QOVB6012 |
|
Visual Studio Code 1.38.0 |
MSNS19-0905-CODE |
QVSCODE1380 |
|
XnView 2.49 |
XNVW-009 |
QXNVW249 |
