Patching in Review – Week 47
Although it has been a short week, the patching world has not been short on high-priority updates. With a critical out-of-band Adobe Flash release and a Google Chrome security release, it might be worth considering a patching cycle over this holiday weekend.
Before we get around to the updates for the week, ZDNet has an article about a new phishing attack to be aware of. Palo Alto Networks has discovered that the Fancy Bear hacking group has been distributing phishing emails with “Lion Air Boeing 737.docx” attached. This document requires the user to enable macros, which then begin the malware installation. Two different trojans have been observed through this delivery process, so make sure to keep your user base educated on these attacks.
Security Releases
Adobe leads the pack this week with an out-of-band Flash release. APSB18-44 details Flash 31.0.0.153, which remediates a flaw classified as CVE-2018-15981. This critical vulnerability can be exploited simply through a malicious .swf file within a webpage. Microsoft also released its flavor of Flash as KB4477029, detailed under ADV180030, with some additional workaround information. Make sure to update the ActiveX Plugin, NPAPI Plugin, PPAPI Plugin, as well as Microsoft’s Flash Plugin as soon as possible to protect yourself from this relatively simple attack.
Google Chrome also released 70.0.3538.110 this week, fixing a single vulnerability, CVE-2018-17479. This use-after-free GPU vulnerability is rated “High” severity and can be used to execute arbitrary code. As a reminder, Google Chrome has a built-in Flash plugin that contains its own update mechanism and can be verified by typing “chrome://components” in the browser’s address bar.
Third-Party Updates
Of course, other vendors have been releasing updates for their respective software in this short week. While these updates might not have identified vulnerabilities, they still have helpful stability fixes as well as potential undisclosed security fixes:
| Software Title | Ivanti ID | Ivanti KB |
| --- | --- | --- |
| Apache OpenOffice 4.1.6 | OROO-012 | QOROO416 |
| Apache Tomcat 7.0.92 | TOMCAT-123 | QTOMCAT7092 |
| GOM Player 2.3.35.5296 | GOM-019 | QGOM23355296 |
| GoToMeeting 8.37.0 | GOTOM-054 | QGTM8370 |
| LogMeIn 4.1.11776 | LMI-013 | QLMI4111776 |
| Microsoft Power BI Desktop 2.64.5285.741 | PBID-044 | QBI2645285741 |
| Webex Productivity Tools 33.0.6.8 | WPT-025 | QWPT33068 |
| WinSCP 5.13.5 | WINSCP-021 | QWINSCP5135 |
| Zoom Client 4.1.34814 | ZOOM-013 | QZOOM4134814 |
| Zoom Outlook Plugin 4.4.39417.1116 | ZOOMOUT-003 | QZOOMO4439417 |