Patching in Review – Week 43 of 2019
Brian Secrist
With major releases from both Firefox and Chrome this week, there has been enough to keep everyone busy for the month. In case you missed it, check out October Threat Thursday where we analyze the biggest security threats for the month!
In the news, Microsoft SQL 2012 and 2014 are being actively attacked in the wild with previously unknown malware. Dubbed “Skip-2.0” by ESET security researchers, this backdoor malware is designed to be laid down after a successful exploit. After implementation, remote attackers can then connect later with a known password. This allows the attackers to then access, modify, or delete data at their convenience without creating a larger footprint than is necessary.
Security Releases
Google released Chrome 78 on Tuesday with a total of 37 security fixes, including 21 CVEs. While this release contains valuable security fixes, it appears that Symantec Endpoint Protection is not playing nicely with the update. According to Symantec’s support article, all tabs will crash in a browser session with the notorious “Aw, Snap!” error page. This error appears to be caused by Microsoft’s Code Integrity feature and can be disabled as a workaround until SEP can be upgraded later.
Firefox 70 released on Tuesday as well, with a total of 13 CVEs listed in Mozilla’s security advisory. The most interesting feature is titled “Firefox Lockwise” that will keep track of the latest data breaches in relation to saved credentials and alert you if a breach occurs. As with most major releases by Mozilla, Firefox ESR 68.2 and Thunderbird 68.2 released as well, with many shared fixes to the vulnerabilities found in the leading branch.
Third-Party Updates
While Google and Mozilla were the high-profile releases this week, our other supported vendors were busy providing non-security updates for their products. Review the list below to make sure you stay up to date on your full environment.
|
Software Title |
Ivanti ID |
Ivanti KB |
|
Adobe Acrobat DC and Acrobat Reader DC 19.021.20049 |
ARDC19-011 |
QADC1902120049 |
|
GoodSync 10.10.10.10 |
GOODSYNC-132 |
QGS10101010 |
|
GoToMeeting 10.1.2.15251 |
GOTOM-074 |
QGTM1012 |
|
Microsoft Power BI Desktop 2.74.5619.841 |
PBID-070 |
QBI2745619841 |
|
Microsoft Power BI Desktop 2.74.5619.862 |
PBID-071 |
QBI2745619862 |
|
Nitro Pro 13.2.6.26 |
NITRO-028 |
QNITRO132626 |
|
Nitro Pro Enterprise 13.2.6.26 |
NITROE-009 |
QNITROE132626 |
|
Node.JS 10.17.0 (LTS Lower) |
NOJSLL-008 |
QNODEJSLL10170 |
|
Node.JS 12.13.0 (LTS Upper) |
NOJSLU-012 |
QNODEJSLU12130 |
|
Node.JS 13.0.1 (Current) |
NOJSC-027 |
QNODEJSC1301 |
|
Opera 64.0.3417.73 |
OPERA-234 |
QOP640341773 |
|
Snagit 2020.0.0 |
SNAG-030 |
QSNAG2000 |
|
Splunk Universal Forwarder 8.0.0 |
SPLUNKF-042 |
QSPLUNKF800 |
|
TeamViewer 11.3.17789 |
TVIEW-058 |
QTVIEW11317789 |
|
TeamViewer 12.3.17791 |
TVIEW-057 |
QTVIEWH12317791 |
|
TeamViewer 13.2.36216 |
TVIEW-056 |
QTVIEWH13236216 |
|
TeamViewer 14.7.1965 |
TVIEW-055 |
QTVIEWH1471965 |
|
VMware Tools 11.0.1 |
VMWT-030 |
QVMWT1101 |
|
Wireshark 2.6.12 |
WIRES-105 |
QWIRES2612 |
|
Wireshark 3.0.6 |
WIRES-104 |
QWIRES306 |
