Although it has been a short week, the patching world has not been short on high-priority updates. With a critical out-of-band Adobe Flash release and a Google Chrome security release, it might be worth considering a patching cycle over this holiday weekend.

Before we get around to the updates for the week, ZDNet has an article about a new phishing attack to be aware of. Palo Alto Networks has discovered that the Fancy Bear hacking group has been distributing phishing emails with “Lion Air Boeing 737.docx” attached. This document requires the user to enable macros, which then begin the malware installation. Two different trojans have been observed through this delivery process, so make sure to keep your user base educated on these attacks.

Security Releases

Adobe leads the pack this week with an out-of-band Flash release. APSB18-44 details Flash 31.0.0.153, which remediates a flaw classified as CVE-2018-15981. This critical vulnerability can be attacked simply through a malicious .swf file within a webpage. Microsoft also released its flavor of Flash as KB4477029, detailed under ADV180030 with some additional workaround information. Make sure to update the ActiveX Plugin, NPAPI Plugin, PPAPI Plugin, as well as Microsoft’s Flash Plugin as soon as possible to protect yourself from this relatively simple attack.

Google Chrome also released 70.0.3538.110 this week, fixing a single vulnerability, CVE-2018-17479. This use-after-free vulnerability in the GPU component is rated “High” severity and can be used to execute arbitrary code. As a reminder, Google Chrome has a built-in Flash plugin with its own update mechanism; its version can be verified by typing “chrome://components” in the browser’s address bar.

Third-Party Updates

Of course, other vendors have been releasing updates for their respective software in this short week. While these updates might not have identified vulnerabilities, they still have helpful stability fixes as well as potential undisclosed security fixes:

| Software Title | Ivanti ID | Ivanti KB |
| --- | --- | --- |
| Apache OpenOffice 4.1.6 | OROO-012 | QOROO416 |
| Apache Tomcat 7.0.92 | TOMCAT-123 | QTOMCAT7092 |
| GOM Player 2.3.35.5296 | GOM-019 | QGOM23355296 |
| GoToMeeting 8.37.0 | GOTOM-054 | QGTM8370 |
| LogMeIn 4.1.11776 | LMI-013 | QLMI4111776 |
| Microsoft Power BI Desktop 2.64.5285.741 | PBID-044 | QBI2645285741 |
| Webex Productivity Tools 33.0.6.8 | WPT-025 | QWPT33068 |
| WinSCP 5.13.5 | WINSCP-021 | QWINSCP5135 |
| Zoom Client 4.1.34814 | ZOOM-013 | QZOOM4134814 |
| Zoom Outlook Plugin 4.4.39417.1116 | ZOOMOUT-003 | QZOOMO4439417 |
