Key Takeaways
- Microsoft’s November Patch Tuesday produced “Query is Corrupt” errors in Access. KB4484198 fixes the problem for Office 2016 MSI. Office 2010 and 2013 remain unpatched and the Office 365 fix is undocumented.
- Kaspersky found 37 vulnerabilities in four VNC products, including 22 in UltraVNC, that could allow attackers to execute arbitrary commands. Patches are expected soon.
- Google released Chrome 78.0.3904.108 with five security fixes, two of which are high-severity, Bluetooth-related CVEs. Ivanti published non‑security updates for dozens of applications such as Tomcat, Node.js, Tableau and TeamViewer.
Fallout from Patch Tuesday rolled into this week with Microsoft announcing a new issue surrounding Access databases. According to Microsoft’s support article, after systems are updated with specific Microsoft Office November Patch Tuesday patches, end users get an error stating “Query is Corrupt” in all versions of Access. As of this writing, Microsoft has released KB4484198 for Office 2016 MSI instances, but has yet to release updates for 2010 and 2013 installations. Interestingly enough, there was a release for all branches of O365 at the end of the week, but no documentation currently reflects the fix.
In the news, numerous security vulnerabilities have been found in four popular VNC titles. According to The Hacker News, Kaspersky discovered a total of 37 vulnerabilities throughout the products, some of which have existed over the last 20 years. Many of these vulnerabilities, if exploited, could let an attacker gain control of the system and execute arbitrary commands on the endpoint. UltraVNC topped the list with a massive 22 vulnerabilities alone. Keep an eye out for releases on these software titles soon so your affected environments can be protected as soon as possible.
Security Releases
Google released a security update for its Chrome browser under version 78.0.3904.108, with a total of five security fixes. Two of the security fixes were assigned CVEs with “High” severity where an attacker could leverage the Bluetooth functionality to execute arbitrary code on the system. Let’s just hope this update doesn’t have any experimental features enabled on it like the last Chrome release!
Third-Party Updates
There might have only been a single security release for the week, but that’s far from all the updates we released in our content. Here’s a list of the non-security patches over this week to take note of:
| Software Title | Ivanti ID | Ivanti KB |
| --- | --- | --- |
| Apache Tomcat 8.5.49.0 | TOMCAT-147 | QTOMCAT85490 |
| Apache Tomcat 9.0.29.0 | TOMCAT-148 | QTOMCAT90290 |
| Audacity 2.3.3.0 | AUDACITY-233 | QAUD2330 |
| CDBurnerXP 4.5.8.7128 | CDBXP-049 | QCDBXP4587128 |
| CoreFTP LE 2.2.1947 | COREFTP-041 | QCFTP221947 |
| GOM Player 2.3.47.5309 | GOM-032 | QGOM23475309 |
| Microsoft Power BI Desktop 2.75.5649.801 | PBID-073 | QBI2755649801 |
| Node.JS 12.13.1 (LTS Upper) | NOJSLU-013 | QNODEJSLU12131 |
| Node.JS 13.2.0 (Current) | NOJSC-029 | QNODEJSC1320 |
| Opera 65.0.3467.48 | OPERA-239 | QOP650346748 |
| Royal TS 5.01.61114.0 | RTS5-009 | QRTS501611140 |
| Snagit 2020.0.2 | SNAG-032 | QSNAG2002 |
| Tableau Desktop 2019.1.10 | TABDESK2019-021 | QTABDESK2019110 |
| Tableau Desktop 2019.2.6 | TABDESK2019-020 | QTABDESK201926 |
| Tableau Desktop 2019.3.2 | TABDESK2019-019 | QTABDESK201932 |
| TeamViewer 15.0.8397 | TVIEW-059 | QTVIEW1508397 |
| TreeSize Free 4.4.1.510 | TSF-020 | QTSF441510 |
| UltraVNC 1.2.3.0 | UVNC-024 | QUVNC1230 |