Skip to main content
Tag

third party patch tool

January Third-Party Security Updates

By News, Patch Management, Uncategorized

Latest Third-Party Updates

This month there are several notable updates with CVSS ratings. Apple has released critical fixes for two of their OS platforms. Adobe and Foxit both have patches with high ratings. Prioritize these updates when securing your environment.

Still using WSUS?

If so, how are you deploying third-party security updates?
It’s time to switch to an IT management solution that can deploy any security updates required. Don’t rely on an incomplete tool that can only deploy windows updates. Syxsense can deploy a wide-range of updates, including Windows, Mac, and Linux software.

Third-Party Updates

Vendor Category Patch Version and Release Notes: CVSS Score and Rating
Adobe Multi-purpose software Flash Player, ActiveX, and AIR: v32.0.0.114Acrobat and Reader DC: v19.010.20069 N/A7.8 and High
Apple Operating Systems macOS: v10.14.3macOS High Sierra: v10.13.6

iTunes: v12.9.3.3

 9 and Critical9 and Critical

N/A
Don Ho Text and Source Code Editor Notepad: v7.6.3 N/A
Evernote Organization App Evernote: v6.17.6.8292 N/A
FileZilla FTP application FileZilla: v3.40.0 N/A
Foxit Corporation PDF software FoxitReader: v9.4.0 6.3 and High
Google Browser Google Earth Pro: v7.3.2.5495 N/A
KeePass Open-source password manager KeePass: v2.41 N/A
Mozilla Browser and Email Application Firefox: v64.0.2 N/A
Opera Web Browser Opera: v58.0.3135.47 N/A
Oracle Computer Programing Language Java: v8u202 N/A
Peter Pawlowski Audio Player Foobar2000: v1.4.2 N/A
RealVNC Remote Access Software RealVNC Viewer: v6.19.1 N/A
WinSCP Web Client WinSCP: v5.13.7 N/A
Wireshark Open-source packet analyzer Wireshark: v2.6.6 N/A
Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
January 30, 2019
Love0
|||

December Third-Party Security Updates

By News, Patch Management

Business Evolves with Technology

Recently, Forbes outlined 5 ways retail is attempting to redefine itself. Overall, businesses are experimenting with new technologies, utilizing IoT devices to craft a more engaging shopping experience. But are they exposing themselves to security risks?

“Smart IoT devices such as beacons and smart shelves offer retail companies the efficiency to ensure their staff are effectively utilized, but physical IoT technology that is not secured properly can leave networks accessible to threats,” notes Rob Brown, director of services at Syxsense.

“Although smart in name, smart IoT uses open wireless networks and Bluetooth in order to communicate, creating more vulnerable endpoints in brick-and-mortar establishments,” he continues. “Tracking these IoT devices in retail companies is essential, because without knowing which ones you have, you cannot identify which ones are less secure or have known vulnerabilities which can be exploited.”

So, how can massive businesses with thousands of stores be expected to track a complex network of IoT devices? They can implement an IT management solution that leverages live, accurate, actionable, and secure data.

What Is Realtime Security?

  • Live:  Realtime Security pulls live data from thousands of devices, direct to a web console, in seconds. By eliminating stale data, IT management and security decisions are based on what is happening right now, not in the past.

 

  • Accurate: If device scans are run at night when devices are offline, hidden behind a firewall or roaming, security and IT teams have an incomplete view of their environment. Realtime Security eliminates blind spots enabling teams to manage their environment with 100% visibility.
  • Actionable: With no steep learning curve, Realtime Security’s simple to learn web interface leverages AI, and empowers teams with the information and skill to act instantly.

 

  • Secure:  Why juggle multiple consoles for device and security management? In a single place, security and IT operations can understand their exposed security risk, patch, deploy software, stop security breaches, satisfy compliance agencies and more.

Whether organizations are looking for endpoint security or IT management capabilities, including patch management, software distribution and remote control, Realtime Security is the only cloud-based approach to security and systems management which enables 10-second endpoint visibility and control thousands of devices.

Third-Party Updates

 

Vendor Category Patch Version and Release Notes:
Apache Open-source Office Suite  

OpenOffice: v4.1.5 – https://cwiki.apache.org/confluence/display/OOOUSERS/AOO+4.1.6+Release+Notes

 
 

Don Ho

 

 Text and Source Code Editor  

Notepad: v7.6 – https://notepad-plus-plus.org/news/notepad-7.6-released.html

 
Evernote Organization App  

Evernote: v6.16.4.8094 – https://evernote.com/security/updates

 
GNOME Foundation  

Open-source Graphics Editor

 

  

GIMP: v2.10.8 – https://www.gimp.org/release-notes/gimp-2.10.html

 
Google Browser  

Chrome: v70.0.3538.110 – https://chromereleases.googleblog.com/2018/11/stable-channel-update-for-desktop_19.html

 
Mozilla Browser and Email Application  

Firefox: v63.0.3 – https://www.mozilla.org/en-US/firefox/63.0.3/releasenotes/

 

Thunderbird: v60.3.1 – https://www.thunderbird.net/en-US/thunderbird/60.3.1/releasenotes/

 
Peter Pawlowski Audio Player  

Foobar200: v1.4.1 – https://www.foobar2000.org/changelog

 
The Document Foundation Open-source Office Suite  

LibreOffice: v6.1.3 – https://www.libreoffice.org/download/release-notes/

 
Uvnc bvba Remote Desktop Access  

UltraVNC: v1.2.2.3 – http://forum.ultravnc.info/viewtopic.php?f=72&t=34183&sid=8cbefbea99d4d185644be65c43f30c70

 
WinSCP Web Client  

WinSCP: v5.13.6 – https://winscp.net/eng/docs/history

 
Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
November 29, 2018
Love0
||

November Third-Party Security Updates

By News, Patch Management

Critical Updates for Apple and More

On the same day that Apple announced their new set of products, they released a massive group of updates. These patches address critical vulnerabilities throughout their operating systems and software offerings. The OS vulnerabilities, both iOS and macOS, could allow arbitrary code execution.

While Apple won’t reveal much about how potential exploitation of these bugs might work, they are rated as critical. It’s important to assess how many Apple devices are lurking within your network. Then implement a strategic rollout of the needed updates.

One-Third of Oracle Updates are Critical

The latest release of Java contains fixes for multiple critical vulnerabilities. Surprisingly, this number is down from the same time last year. Could Java be trending in the right direction? Only time will tell, but for now, this is positive news.

Legacy Java still needs to be monitored, as well. Java 8 ends public support in January 2019, but many companies still use Java 8, 9, 10, and 11. It’s important to track what versions of Java are running in an environment. Legacy software still gets regularly targeted for exploitation.

How does Syxsense help?

Syxsense displays graphs and icons that illustrate, at a glance, the vulnerability of your devices.

By clicking on a gadget, you’ll jump right into a patch deployment process, prepopulated to deploy all related updates to all devices that need them. You can easily modify this task to be more specific or start the task as-is, to save time.

Third-Party Updates

Vendor Category Patch Version and Release Notes:
Adobe Media Software Flash and Air: v31.0.0.122

Acrobat and Reader DC:

v15.006.30456 (Classic Track 2015)

v17.011.30105 (Classic Track 2017)

v19.008.20080 (Continuous Track)
Apple Media Software iTunes: v12.9.1

Safari: v12.0.1
Don Ho

 

 Text and Source Code Editor Notepad: v7.5.9
Evernote Organization App Evernote: v6.15.4.7934
FileZilla FTP Solution FileZilla: v3.38.1
Google Browser Chrome: v70.0.3538.77
Mozilla Browser and Email Application Firefox: v63.0.1

Thunderbird: v60.3.0
Oracle Java JDK and JRE: v8u192
VSRevo Group Revo Uninstaller Pro: v4.0.1
WireShark Wireshark: v2.6.4
Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
November 1, 2018
Love0
|||||

Major Third-Party Security Updates

By News, Patch Management
[vc_single_image image=”25141″ img_size=”full” alignment=”center”]

Google Polishes Chrome

With an apparent rise in malicious extensions, Google has announced five changes that aim to secure their product. These should be incorporated into their next release in the later half of this month, Chrome 70.

1. Expanded controls for determining Chrome extension permissions

According to an article by Chrome developers, “users [will] have the ability to restrict extension host access to a custom list of sites, or to configure extensions to require a click to gain access to the current page.”

2. Code obfuscation banned

Google argues this was the main way in which malicious Chrome extensions made it onto the Chrome Web Store.

3. Two-factor authentication required for developers

Phishing attacks over the last year have targeted browser extensions as a means of mass infection. This new requirement should reduce the change of hackers getting direct access to the code of extensions.

4. New review process

Google is watching! Implementing a deeper review process and monitoring with remotely hosted code, Google hopes to quickly spot if malicious changes are taking place.

5. Updated manifest for stronger security

In 2019, Manifest version 3 will be released. The goal is to create “stronger security, privacy and performance guarantees.”

Google has taken notice of the attacks aimed at manipulating their extension functions. When Chrome 70 releases, be prepared to update it across all your systems.

[vc_separator]

Adobe Alert

Additionally, Adobe has released it’s regularly-scheduled October security updates. More than half of the 85 vulnerabilities are critical flaws, and the rest are rated as important. This is the latest update since Adobe’s critical out-of-band update from September.

The critical vulnerabilities allow arbitrary code execution. That includes 22 out-of-bounds write flaws, seven critical heap overflow glitches, seven use-after-free bugs, three type confusion bugs, three buffer error bugs, three untrusted pointer dereference flaws and a double free vulnerability.

A competing PDF software, Foxit, has also had a spike in discovered vulnerabilities. This is both good and bad news.

[vc_single_image image=”25154″ img_size=”medium” alignment=”center”]

The bad is that malicious actors are getting more aggressive by the day. The good news is that companies are taking their software flaws seriously and proactively looking for issues.

All of these vulnerabilities highlight one key lesson: keeping your systems up to date is the vital step for secure environments.

Patch Everything

Syxsense facilitates easy update deployments. A rapid patch scan can identify which devices need which updates. Then, from the Patch Manager, it’s simple to target a specific update and deploy it to any devices that require it.

Whether its deploying one update or hundreds, Syxsense will handle the task with ease.

[dt_default_button link=”url:https%3A%2F%2Fdev-syxsense.pantheonsite.io%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center”]START FREE TRIAL[/dt_default_button]
October 3, 2018
Love0