Patching in Review – Week 4 of 2020
Brian Secrist
We just wrapped up the first patch week of the year, and Microsoft is keeping things interesting with a newly announced IE zero-day vulnerability, but with no patch. According to Microsoft’s advisory, there are limited active attacks against CVE-2020-0674 where a malicious website could allow an attacker access to the system. For a temporary, but risky fix, Microsoft has provided a workaround within the advisory jscript would need to be restricted on the endpoint.
This might be the end of Windows 7 servicing, but Microsoft left us with a final present. It appears the final security update is breaking desktop wallpaper of all things, leaving a black background instead. Currently there’s no word whether Microsoft will provide a non-security fix, or if the unlucky users are stuck with this bug on their unsupported OS.
To play a bit of catch up, I’m coming in with the whole month of January. Please see the other articles below to get prepared for February’s patch week!
Security Releases
Snagit was the only security release from our vendors this week with a single vulnerability. Version 2018.2.5 covers CVE-2019-5100 where their third-party BMP library could be used to execute arbitrary code on the system.
Third-Party Updates
Even though we took a break this week in security releases, this non-security list is more than enough. See the summary of our additional patches for the week below.
|
Software Title |
Ivanti ID |
Ivanti KB |
|
Adobe Flash Player 32.0.0.321 |
AFP32-200121 |
QAF3200321 |
|
Camtasia 2019.0.9 |
CAMTA19-200121 |
QCAMTASIA1909 |
|
Dropbox 89.4.278 |
DROPBOX-200123 |
QDROPBOX894278 |
|
Falcon sensor for Windows 5.24.10609 |
CSFS-200122 |
QFS52410609 |
|
GOM Player 2.3.49.5312 |
GOM-200128 |
QGOM23495312 |
|
GoodSync 10.10.20.7 |
GOODSYNC-200124 |
QGS1010207 |
|
Google Backup and Sync 3.48.8668.1933 |
GSYNC-200127 |
QGBS34886681933 |
|
Node.JS 13.7.0 (Current) |
NOJSC-200122 |
QNODEJSC1370 |
|
Opera 66.0.3515.44 |
OPERA-200122 |
QOP660351544 |
|
Plex Media Player 2.49.0 |
PLXP-200122 |
QPLXP2490 |
|
Slack Machine-Wide Installer 4.3.2.0 |
SMWI-200122 |
QSLACK4320 |
|
Tableau Desktop 2018.3.14 |
TABDESK20183-200124 |
QTABDESK2018314 |
|
Tableau Desktop 2019.1.12 |
TABDESK20191-200124 |
QTABDESK2019112 |
|
Tableau Desktop 2019.2.8 |
TABDESK20192-200124 |
QTABDESK201928 |
|
Tableau Desktop 2019.3.4 |
TABDESK20193-200124 |
QTABDESK201934 |
|
Tableau Desktop 2019.4.2 |
TABDESK20194-200124 |
QTABDESK201942 |
|
Tableau Reader 2019.4.2 |
TABREAD20194-200124 |
QTABREAD201942 |
|
Thunderbird 68.4.2 |
TB-200124 |
QTB6842 |
|
WinZip 23.0.13431 |
WZ23-200128 |
QWZ23013431 |
|
Zoom Client 4.6.17409.120 |
ZOOM-200121 |
QZOOM4617409 |
