Monday, October 16, 2017

Adobe Flash Player Out-of-Band Critical Security Update

Adobe Flashplayer

Adobe has released Version 27.0.0.170 of Adobe Flash Player for Microsoft Windows, Macintosh, Chrome and Linux.

The critical update addresses a report that an exploit for CVE-2017-11292 exists in the wild, and is being used in limited, targeted attacks against users running Windows.

Release date:  October 16, 2017
Vulnerability identifier: APSB17-32
CVE Numbers:   CVE-2017-11292
Platform: Windows, Macintosh, Linux and Chrome OS

Update:

*Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

    Verify Installation

    To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

    Do this for each browser installed on your computer.

    To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.

    References



    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...









    Tuesday, October 10, 2017

    Microsoft Security Updates for October, 2017



    The October security release consists of 62 security updates for the following software in which 27 are listed as Critical and 35 are rated Important. In particular, note that one CVE in Microsoft Office is listed as under active attack, and two other CVEs are listed as publically known prior to release.
    • Internet Explorer
    • Microsoft Edge
    • Microsoft Windows
    • Microsoft Office and Microsoft Office Services and Web Apps
    • Skype for Business and Lync
    • Chakra Core

      Known Issues
      The updates address Remote Code Execution, Information Disclosure, "Defense in Depth",Security Feature Bypass and Elevation of Privilege. Note:  "Defense-in-Depth" is a fix that does not apply to an actively exploitable vulnerability but prevents future vulnerabilities caused by the same code when surrounding code changes expose the problem.  In addition, Windows 10 1511 support ends today.

      For more information about the updates released today, see https://portal.msrc.microsoft.com/en-us/security-guidance/summary.  Updates can be sorted by OS from the search box. Information about the update for Windows 10 is available at Windows 10 Update history.

      CVEs addressed by Microsoft this month that deserve extra attention are discussed in Zero Day Initiative — The October 2017 Security Update Review by Dustin Childs.

        Additional Update Notes

        • Adobe Flash Player -- For Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 and Windows 10, Adobe Flash Player is now a security bulletin rather than a security advisory and is included with the updates as identified above.
        • MSRT -- Microsoft released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center. 
          Note:  Users who are paranoid about the remote possibility of a FP can opt to run this tool from a Command Prompt, appending a   /N   parameter [for "detect only" mode].
        • Windows 10 -- A summary of important product developments included in each update, with links to more details is available at Windows 10 Update History. The page will be regularly refreshed, as new updates are released.

        References


          Remember - "A day without laughter is a day wasted."
          May the wind sing to you and the sun rise in your heart...





          Adobe Flash Player Updates

          Adobe Flashplayer

          Adobe has released Version 27.0.0.159 of Adobe Flash Player for Microsoft Windows, Macintosh, Chrome and Linux.

          These updates address functionality bugs.

          Release date:  October 10, 2017
          Vulnerability identifier: APSB17-31
          CVE Numbers:   None
          Platform: Windows, Macintosh, Linux and Chrome OS

          Update:

          *Important Note:  Downloading the update from the Adobe Flash Player Download Center link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras that you do not want.  They are not needed for the Flash Player update.

            Verify Installation

            To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

            Do this for each browser installed on your computer.

            To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.

            References



            Remember - "A day without laughter is a day wasted."
            May the wind sing to you and the sun rise in your heart...