Patching in Review – Week 44 of 2019
Brian Secrist
Boo! Google Chrome Zero-Day! Scared you, didn’t I? Unfortunately, this is not just a ghost story with a confirmed exploit in the wild for everyone’s favorite web browser.
In the news, Microsoft has acknowledged a new known issue from October Patch Tuesday where TLS and SSL connections will intermittently fail. Under Microsoft’s support article, the fix for CVE-2019-1318 may result in connections erroring out with 0x8009030f. Fortunately, multiple workarounds are now provided to those that are experiencing this issue. All Security-Only and Monthly Rollup patches released on Patch Tuesday are affected by this, so make sure to keep an eye out for this new issue in your environments.
Security Releases
Chrome is back for an encore this month with its second zero-day for the year. With an appropriate late release on Halloween, version 78.0.3904.87 includes two security fixes with CVE-2019-13720 taking the spotlight. Details on this use-after-free vulnerability are scarce at the time of writing other than Google’s acknowledgement of an exploit in the wild. In early March this year, a different use-after-free vulnerability under CVE-2019-5786 was exploited in the wild in conjunction with CVE-2019-0808, a Windows vulnerability.
Apple released iTunes 12.10.2 and iCloud 7.15 this week covering a total of 16 vulnerabilities. CVE-2019-8801 stands out from the group and is unique to iTunes where the installer could be used to execute an untrusted DLL under the signed installer process. The bulk of the other vulnerabilities are shared with Apple’s Safari browser on macOS to protect the application from exploitation if used to browse web content.
Third-Party Updates
Here are the other updates we released in our content this week. These updates might not have CVEs, but they may still have helpful stability fixes as well as undisclosed security fixes:
|
Software Title |
Ivanti ID |
Ivanti KB |
|
Adobe Acrobat DC and Reader DC 15.006.30505 |
ARDC19-012 |
QADC1500630505 |
|
Adobe Acrobat DC and Reader DC 17.011.30152 |
ARDC19-013 |
QADC1701130152 |
|
DropBox 84.4.170 |
DROPBOX-124 |
QDROPBOX844170 |
|
GIMP 2.10.14 |
GIMP-019 |
QGIMP21014 |
|
GoToMeeting 10.2.1 |
GOTOM-075 |
QGTM1021 |
|
LibreOffice 6.3.3.2 |
LIBRE-120 |
QLIBRE6332 |
|
Notepad++ 7.8.1 |
NPPP-095 |
QNPPP781 |
|
Opera 64.0.3417.83 |
OPERA-235 |
QOP640341783 |
|
Plex Media Server 1.18.1.1973 |
PLXS-049 |
QPLXS11811973 |
|
Slack Machine-Wide Installer 4.1.2 |
SMWI-037 |
QSLACK412 |
|
TortoiseSVN 1.13.0 |
TORT-035 |
QTORT1130 |
|
TreeSize Free 4.4.0.508 |
TSF-019 |
QTSF440508 |
|
Visual Studio 2019 version 16.3.7 |
MSNS19-1030-VS2019 |
QVS20191637 |
