Good news, everyone! The world of patching has been quiet this week with no high-profile security releases!

Take this opportunity to deploy both the Microsoft OS and .Net non-security updates released over the past two weeks. This will clean up some of the stability issues left over from earlier in the month. In the wake of July’s quality concerns, patching veteran Susan Bradley wrote an open letter to Microsoft posted at ComputerWorld.

NetSpectre

2018 will be remembered as the year of Spectre/Meltdown, with still new variants being discovered throughout the year. Late last week, researchers from the Graz University of Technology in Austria released a research paper titled “NetSpectre: Read Arbitrary Memory over Network” describing where an attacker can exfiltrate data by targeting the computer’s network ports.

This exploit uses the Spectre variant 1 vulnerability (CVE-2017-5753) that was initially announced in January, but the complexity of remediation should not be underestimated. Although your operating systems are up to date, you may still be vulnerable. Full remediation requires a two-step process of OS patching and firmware updates.

First, the OS must be updated. For Windows, there are a dizzying number of patches that can be applied to remediate this vulnerability. With the cumulative patch model for Windows 10, any patch released on January Patch Tuesday or later will mitigate CVE-2017-5753. For Windows 8.1/2012 R2 and earlier, a Security-Only bundle released in January or February, or a Monthly-Rollup released on January or later will cover this vulnerability. But remember, to stay ahead of this game, you should always deploy the latest updates to get the latest security fixes.

Second, the computer’s firmware needs to be patched. This is usually in the form of a BIOS update. While there is no centralized location for these patches, here are links to a few common vendors:

Third-Party Updates

Here are the other updates we released in our content this week. These updates might not have CVEs, but they may still have helpful stability fixes as well as undisclosed security fixes:

Ivanti ID

Ivanti KB

Bulletin Title

ALLSYNC-006

QALLSYNC18711

Allway Sync 18.7.11

CHROME-231

QGC680344084

Google Chrome 68.0.3440.84

DROPBOX-089

QDROPBOX54490

DropBox 54.4.90

GOODSYNC-091

QGS1095

GoodSync 10.9.5

GOTOM-047

QGTM832

GoToMeeting 8.32.0

LIBRE-099

QLIBRE606

LibreOffice 6.0.6

MSNS18-08-VS2017

QVS20171576

Visual Studio 2017 version 15.7.6

PLXS-024

QPLXS11355291

Plex Media Server 1.13.5.5291

RTS4-013

QRTS40360729

Royal TS 4.3.60729

SM18-2494

QSM2494

SeaMonkey 2.49.4

TSF-012

QTSF421470

TreeSize Free 4.2.1.470

More Patch Resources: