Tuesday, February 13, 2018

Microsoft February Security Updates



The February security release consists of 50 CVEs, of which 14 are listed as Critical, 34 are rated Important, and 2 are rated Moderate in severity. The updates address Remote Code Execution, Elevation of Privilege, Information Disclosure and Security Feature BypassThe release consists of security updates for the following software: 

  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office and Microsoft Office Services and Web Apps
  • ChakraCore
  • Adobe Flash


More:  For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary.  Updates can be sorted by OS from the search box. Information about the update for Windows 10 is available at Windows 10 Update history.

Also see this month's Zero Day Initiative — The February 2018 Security Update Review by Dustin Childs in which he discusses several of the patches and includes a breakdown of the CVE's addressed in the update. 

Additional Update Notes

  • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.
  • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.  Note:  Users who are paranoid about the remote possibility of a FP can opt to run this tool from a Command Prompt, appending a   /N   parameter [for "detect only" mode].
  • Windows 10 -- A summary of important product developments included in each update, with links to more details is available at Windows 10 Update History. The page will be regularly refreshed, as new updates are released.

References


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...





Adobe Reader and Acrobat Critical Security Updates

Adobe

Adobe has released security updates for Adobe Reader DC and Adobe Acrobat DC for Windows and Macintosh.  These updates are rated as four (4) critical and one (1) rated important, addressing the CVE's from the vulnerability details listed below. 

Release date:  February 13, 2018
Vulnerability identifier: APSB18-02
Platform: Windows and Macintosh

Vulnerability Category Vulnerability Impact Severity CVE Number
Security Mitigation Bypass
Privilege Escalation
Critical CVE-2018-4872
Heap Overflow
Arbitrary Code Execution
Critical CVE-2018-4890, CVE-2018-4904, CVE-2018-4910, CVE-2018-4917
Use-after-free
Arbitrary Code Execution
Critical CVE-2018-4888, CVE-2018-4892, CVE-2018-4902, CVE-2018-4911, CVE-2018-4913
Out-of-bounds write
Arbitrary Code Execution
Critical CVE-2018-4879, CVE-2018-4895, CVE-2018-4898, CVE-2018-4901, CVE-2018-4915,
CVE-2018-4916, CVE-2018-4918
Out-of-bounds read
Remote Code Execution Important CVE-2018-4880, CVE-2018-4881, CVE-2018-4882, CVE-2018-4883, CVE-2018-4884,
CVE-2018-4885, CVE-2018-4886, CVE-2018-4887, CVE-2018-4889, CVE-2018-4891,
CVE-2018-4893, CVE-2018-4894, CVE-2018-4896, CVE-2018-4897, CVE-2018-4899,
CVE-2018-4900, CVE-2018-4903, CVE-2018-4905, CVE-2018-4906, CVE-2018-4907,
CVE-2018-4908, CVE-2018-4909, CVE-2018-4912, CVE-2018-4914

Update or Complete Download

Update checks can be manually activated by choosing Help > Check for Updates.  Reader DC was updated to 18.011.20036.and Acrobat DC to 18.011.20035.   
Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.


References





Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...







Wednesday, February 07, 2018

Mozilla Firefox Version 58.0.2 Released


FirefoxMozilla sent Firefox Version 58.0.2 to the release channel today.  The update addresses a number of bugs.

ESR remains at version 52.6.0.

Fixed


  • Avoid a signature validation issue during update on macOS
  • Blocklisted graphics drivers related to off main thread painting crashes
  • Tab crash during printing
  • Fix clicking links and scrolling emails on Microsoft Hotmail and Outlook (OWA) webmail

Unresolved

  • Users running Firefox for Windows over a Remote Desktop Connection (RDP) may find that audio playback is disabled due to increased security restrictions.
  • Users running certain screen readers may experience performance issues and are advised to use Firefox ESR until performance issues are resolved in an upcoming future release.
Update:
To get the update now, select "Help" from the Firefox menu, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu. If you do not use the English language version, Fully Localized Versions are available for download.

References




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...