More patches everyone! As always Adobe Flash and Reader programs are popular targets for drive by downloads and spear phishing attacks. There are patches for Apple Safari, Google Chrome, and Mozilla Firefox which all have potential arbitrary code execution vulnerabilities. Apply these patches if you use these browsers. Finally, apply the patch for Mozilla Thunderbird if this is the email client that is being used.
So, get updated as soon as possible. Here are your May 2015 third party program patches:
Key:1) Identifier 2) Vendor/Product 3) Product Version Affected 4) Date Released by Vendor 5) Vulnerability Info 6) Severity/Recommendation
APSB15-09 Adobe Flash
Win/Mac 17.0.0.169 and earlier, Win/Mac ESR 13.0.0.281 and earlier, Linux 11.2.202.457 and earlier
5/12/2015
Arbitrary Code Execution
Critical: Priority 1/ Upgrade within 72 hours
APSB15-10 Adobe Reader
Reader/Acrobat 11.0.10 and earlier, Reader/Acrobat 10.1.13 and earlier
5/7/2015
Arbitrary Code Execution
Critical: Priority 1/ Upgrade within 72 hours
8.0.6/7.1.6/6.2.6 Apple Safari
Before Safari 8.0.6/7.1.6/6.2.6
5/6/2015
Arbitrary Code Execution, Denial of Service, Information Disclosure, Spoofing
Update as soon as possible
43.0.2357.65 Google Chrome
Before Chrome 43.0.2357.65
5/19/2015
Arbitrary Code Execution, Denial of Service, Security Bypass
Update as soon as possible
38/ESR.7 31.7 Mozilla Firefox
Before Firefox 38
5/12/2015
Arbitrary Code Execution, Denial of Service, Privilege Escalation, Security Bypass, Information Disclosure
Update as soon as possible
31.7 Mozilla Thunderbird
Before Thunderbird 31.7
5/12/2015
Arbitrary Code Execution, Denial of Service, Privilege Escalation
Update as soon as possible
Vulnerabilities in third party apps are being exploited like never before. The bad guys have turned away from the Microsoft Operating System (patch Tuesday isn’t perfect but is good enough to force the many exploits in 3rd. party programs). The existence of these third party vendors (Adobe, Oracle, Apple, etc.) is not threatened, so they will never perfect a patching strategy the way Microsoft did. Heck, their so called “automatic updates” don’t even work!
So, get updated as soon as possible. Here are your April 2015 third party program patches:
Key: 1) Identifier 2) Vendor/Product 3) Product Version Affected 4) Date Released by Vendor 5) Vulnerability Info 6) Severity/Recommendation
APSB15-06 Adobe Flash Win/MAC
before 17.0.0.169 / ESR 13.0.0.281 Linux before 11.2.202.457
4/14/2015
Arbitrary Code Execution
Critical: Priority 1/ Upgrade within 72 hours
APSB15-07 Adobe ColdFusion
Version 11 before Update 5 Version 10 before update 6
4/14/2015
Cross Site Scripting
Important: Priority 2/ Upgrade within 30 days
APSB15-08 Adobe Flex
4.6 and earlier
4/14/2015
Cross Site Scripting
Important: Priority 3/ Update at the administrator’s discretion
8.0.5/7.1.5/6.2.5 Apple Safari
Before 8.0.5/7.1.5/6.2.5
4/8/2015
Arbitrary Code Execution, Denial of Service, Security Bypass, Information Disclosure
Update as soon as possible
42.0.2311.90 Google Chrome
Before 42.0.2311.90
4/14/2015
Denial of Service, Security bypass, Information Disclosure
Update at admin’s discretion.
37.0.2 Mozilla Firefox
Before 37.0.2
4/20/2015
Arbitrary Code Execution, Denial of Service, Security Bypass, Spoofing
Update as soon as possible
April CPU Java
Java SE 5.0u81, Java SE 6u91, Java SE 7u76, Java SE 8u40
4/15/2015
Arbitrary Code Execution, Security Bypass
Update as soon as possible
Adobe Flash had a critical update (arbitrary code execution) for the month of March. All of the browsers listed below had multiple vulnerabilities (all arbitrary code executions except for Chrome) that were fixed. This post takes into consideration updates as of about a week ago – there may have been even more recent updates since then. Get updated as soon as possible.
1)Identifier
2)Vendor/Product
3)Product Version Affected
4)Date Released by Vendor
5)Vulnerability Info
6)Severity / Recommendation
APSB15-05 Adobe Flash
Win/MAC 16.0.0.30 and earlierLinux11.2.202.44 And earlier
3/12/2015
Arbitrary Code Execution
Critical: Priority 1/ Upgrade within 72 hours
41.0.2272.101 Google Chrome
Win/Mac/Linux before 41.0.2272.101
3/19/2015
Denial of Service, Security Bypass, Information Disclosure,
Update at admin’s discretion.
36.0.4/ESR 31.5.3 Mozilla Firefox
Before 36.0.4/31.5.3
3/20/2015
Arbitrary Code Execution, Privilege Escalation
Update as soon as possible
2.33.1 Mozilla SeaMonkey
Before 2.33.1
3/20/2015
Arbitrary Code Execution, Privilege Escalation
Update as soon as possible
8.0.4/7.1.4/6.2.4 Apple Safari
Before 8.0.4/7.1.4/6.2.4
3/17/2015
Arbitrary Code Execution, Denial of Service,
Update as soon as possible
A client gave me a Dell 660s Windows 8.1 desktop that would not boot. It was stuck in an automatic repair loop, but nothing was being repaired.
Just for good measure, I installed a new SATA hard drive and I was set to reinstall the 8.1 operating system. Piece of cake right?
Not quite. Every time that I attempted to clean install Windows 8 these messages appeared:
Windows cannot be installed to this disk. This computers hardware may not support booting to this disk. Ensure that the disk’s controller is enabled in the computers BIOS menu.
Here is how I solved the problem:
1) I went into the Dell BIOS (at the Dell logo during restart, tap the <F2> key repeatedly).
2) I disabled UEFI Secure Boot
3) I disabled Fast Startup
4) I changed the Boot Mode from UEFI to Legacy
5) And finally the clincher (in my case): I changed the SATA mode from AHCI to ATA
I booted the machine back up with the Windows 8 installation disk in the CD/DVD drive and the Windows 8 operating system installed as it should. Success!
It’s just not enough to keep your Operating System patched. Many malicious exploits are finding entrance into your machine through third party programs. Below are the February 2015 third party patches. I recommend removing local admin rights on your computer (#4 here) to lower the risk of being bit by software like Adobe, Chrome, and Firefox. Get updated/patched as soon as possible!
Key: 1)Identifier 2)Vendor/Product Version Affected 3)Date Released by Vendor 4)Vulnerability Info. 5)Vendor Severity/Recommendation
APSB15-04 Adobe Flash Win/MAC before 16.0.0.305, Linux before 11.2.202.442
2/19/2015
Arbitrary Code Execution Critical: Priority 1
Upgrade within 72 hours
40.0.2214.115 Google Chrome Win/Mac/Linux before 40.0.2214.115
2/19/2015
Privilege Escalation, Denial of Service, Security Bypass,
Update after testing
35 Mozilla Firefox Before 34
2/5/2015
Arbitrary Code Execution,
Denial of Service
Update after testing
It’s just not enough to keep your Operating System patched. Most malicious exploits are finding entrance into your machine through third party programs. Below are the January 2015 third party patches. Get updated as soon as possible!
Key: 1) Identifier 2) Vendor/Product 3) Product Version Affected 4) Date Released by Vendor 5) Vulnerability Info 6) Severity/Recommendation
APSB15-01 Adobe Flash
Win/Mac before 16.0.0.257
1/13/2015
Arbitrary Code Execution
Critical: Priority 1/ Upgrade within 72 hours
APSB15-01 Adobe Air
Win/Mac before 16.0.0.245
1/13/2015
Arbitrary Code Execution
Critical: Priority 3/ Upgrade at administrators discretion
APSB15-02 Adobe Flash
Win/Mac before 16.0.0.287, Linux before 11.2.202.438
1/22/2015
Security Bypass
Update as soon as possible
Oracle CPU January 2015 Java
Java SE 5.0u75, Java SE 6u85, Java SE 7u72, Java SE 8u25
1/20/2015
Arbitrary Code Execution
Update as soon as possible
40.0.2214.91 Google Chrome
Win/Mac/Linux before 40.0.2214.91
1/21/2015
Denial of Service, Spoofing, Security Bypass,
Update after testing
35/ESR 31.4 Mozilla Firefox
Before 35/ESR 31.4
1/13/2015
Arbitrary Code Execution, Privilege Escalation, Security Bypass, Denial of Service, Cross-Site Request Forgery, Data Leak
Update after testing
2.32 Mozilla Seamonkey
Before 2.32
1/13/2015
Privilege Escalation, Security Bypass, Denial of Service, Cross-Site Request Forgery, Data Leak
Update after testing
31.4 Mozilla Thunderbird
Before 31.4
1/13/2015
Security Bypass, Cross-Site Request Forgery
Update after testing
There is nothing quite like a securely patched machine. Windows does a good job patching their Operating System but you must also keep up to date with all non-Microsoft programs. Below are the critical third party updates for the month of December 2014. Get updated as soon as possible to avoid opening up your system to malicious intruders.
APSB14-29 Adobe ColdFusion: 10/11 12/9/2014 Denial of Service Important: Priority 2/ Upgrade within 30 days
APSB14-28 Adobe Reader: 11.0.09 and earlier, Acrobat: 10.1.12 and earlier 12/4/2014 Arbitrary Code Execution Critical: Priority 1/ Upgrade within 72 hours
APSB14-27 Adobe Flash Player: Windows 15.0.0.242 and earlier, Mac 13.0.0258 and earlier, Linux 11.2.202.424 and earlier 12/9/2014 Arbitrary Code Execution Critical:Priority 1/ Upgrade within 72 hours
8.0.1/7.1.1/ 6.2.1 Apple Safari Browser: Before 8.0.2, 7.1.2, and 6.2.2 12/11/2014 Security Bypass Upgrade at admin’s discretion
39.0.2171.95 Google Chrome: Before 39.0.2171.95 12/9/2014 Update for Adobe Flash Upgrade within 72 hours
34/ESR 31.3 Mozilla Firefox: Before 34/ESR 31.3 12/2/2014 Arbitrary Code Execution, Denial of Service, Information Disclosure Upgrade at admin’s discretion
31.3 Mozilla Thunderbird: Before 31.3 12/2/2014 Arbitrary Code Execution, Denial of Service, Information Disclosure Upgrade at admin’s discretion
2.31 SeaMonkey: Before 2.31 12/2/2014 Arbitrary Code Execution, Denial of Service, Information Disclosure Upgrade at admin’s discretion
Only three non-Microsoft updates this month (November 2014), but all critical. The Adobe patch fixes 18 vulnerabilities that include arbitrary code execution vulnerabilities. Google released an update to Chrome that fixes several denial of service vulnerabilities and this patch should be applied as soon as possible.
APSB14-24 Adobe Flash
Win/Mac 15.0.0.189 and earlier
Linux 11.2.202.411 and earlier
11/11/2014
Arbitrary Code Execution, Denial of Service
Critical: Priority 1/ Upgrade within 72 hours
APSB14-24 Adobe Air
15.0.0.293 and earlier
11/11/2014
Arbitrary Code Execution, Denial of Service
Critical: Priority 3/ Upgrade at admins discretion
39.0.2171.65 Google Chrome
Before 39.0.2171.65
11/18/2014
Denial of Service, Security Bypass
Upgrade at admins discretion
Microsoft Windows Update does a good job of keeping your Operating System up to date, but what about those third party programs? Here are the October 2014 third party program patches. Get updated as soon as possible.
Identifier Vendor/Product Product Version Affected/ Date Released by Vendor/ Vulnerability Info/ Vendor Severity / Recommendation
APSB14-22 Adobe Flash Player Win/Mac 15.0.0.167 and earlier 13.0.0.244 and earlier 13.x Linux 11.2.202.406 and earlier 10/14/2014 Arbitrary Code Execution Critical: Priority 1/ Upgrade within 72 hours
APSB14-22 Adobe Air Win 15.0.0.249 and earlier 10/14/2014 Arbitrary Code Execution Critical: Priority 3/ Upgrade at admins discretion
APSB14-23 Adobe ColdFusion ColdFusion 11, 10, 9.0.2, 9.0.1 and 9.0 10/14/2014 Security Bypass, Cross Site Scripting Important: Priority 2/ Upgrade within 30 days
12.0.1 Apple iTunes Before 12.0.1 10/16/2014 Arbitrary Code Execution, Denial of Service Recommended: Upgrade after testing
7.7.6 Apple QuickTime Before 7.7.6 10/22/2014 Arbitrary Code Execution, Denial of Service Recommended: Upgrade after testing
38.0.2125.104 Google Chrome Win/Mac/Linux Before 38.0.2125.104 10/14/2014 Denial of Service, Information Disclosure, Security Bypass Upgrade at admin’s discretion
33/ESR 31.2 Mozilla Firefox Before 33/ESR 31.2 10/14/2014 Arbitrary Code Execution, Information Disclosure, Security Bypass, Denial of Service Recommended: Upgrade after testing
31.2 Mozilla Thunderbird Before 31.2 10/14/2014 Arbitrary Code Execution, Information Disclosure, Security Bypass, Denial of Service Recommended: Upgrade after testing
October CPU Java Java SE 6u81, Java SE 7u67, Java SE 8u20, Java SE Embedded 7u60 10/47/2014 Arbitrary Code Execution Recommended: Upgrade after testing
Hello everyone,
