Skip to main content
Tag

third-party updates

||

August Third-Party Patches and Security Updates

By News, Patch ManagementNo Comments

August Third-Party Patches & Security Updates

Explore the latest third-party and security updates and find out which patches should be prioritized this month to protect your environment.
[vc_empty_space]
[vc_single_image image=”33244″ img_size=”full”]

Which third-party patches should you prioritize?

VideoLAN has released an update this week to resolve two high-risk vulnerabilities in the VLC media player application. The discovered vulnerabilities allow an attacker to manipulate the .MKV extension so that a file can be used to gain control of the victim’s device. A total of 15 defects were made public on Monday by VideoLAN and a new version was released on August 19.

Additionally, Google Chrome received an update earlier this month resolving a high-severity use-after-free vulnerability in the PDFium viewer (CVE-2019-5868), as well as a medium-severity vulnerability (CVE-2019-5867)

Firefox also had a moderate vulnerability addressed regarding stored passwords and master password entry (CVE-2019-11733). “When a master password is set, it is required to be entered again before stored passwords can be accessed in the ‘Saved Logins’ dialog,” stated Mozilla regarding version 68.0.2. “It was found that locally stored passwords can be copied to the clipboard thorough the ‘copy password’ context menu item without re-entering the master password if the master password had been previously entered in the same session, allowing for potential theft of stored passwords.”

Why focus on patching third-party applications?

Delays in patching third party applications with dangerous vulnerabilities can leave your endpoints wide open to attack.

Syxsense provides true network security and lets you manage every threat with the click of a button. Keep up with the constant stream of security threats and patches for third-party software applications, such as Adobe, Java, Chrome and more.

[vc_separator][vc_empty_space height=”20px”]

Third-Party Updates

Title Description CVSS CVSS Severity Vendor Date Published
Acrobat_ReaderDC_v15.006.30499(Classic Track 2015) NA NA Adobe 8/13/19
Acrobat_ReaderDC_v17.011.30144(Classic Track 2017) NA NA Adobe 8/13/19
Acrobat_ReaderDC_v19.012.20036(Continuous Track) NA NA Adobe 8/13/19
AcrobatDC_v15.006.30499(Classic Track 2015) NA NA Adobe 8/13/19
AcrobatDC_v17.011.30144(Classic Track 2017) NA NA Adobe 8/13/19
AcrobatDC_v19.012.20036(Continuous Track) NA NA Adobe 8/13/19
Chrome_v76.0.3809.100 The Stable channel has been updated to 76.0.3809.100 8.8 High Google 8/6/19
FileZilla_v3.44.1 NA NA FileZilla 8/9/19
Firefox_v68.0.2 Version 68.0.2, first offered to Release channel users on August 14, 2019 NA NA Mozilla 8/14/19
FirefoxESR_v68.0.2 NA NA Mozilla 8/14/19
FlashPlayer_ActiveX_v32.0.0.238 NA NA Adobe 8/13/19
FlashPlayer_Plugin_NPAPI_v32.0.0.238 NA NA Adobe 8/13/19
FlashPlayer_Plugin_PPAPI_v32.0.0.238 NA NA Adobe 8/13/19
Opera_v62.0.3331.116 Opera 62.0.3331.116 Stable update NA NA Opera 8/7/19
Skype_v8.51.0.72 NA NA Microsoft Corporation 8/12/19
VLC Media Player_v3.0.8 NA NA VideoLAN 8/19/19
[vc_separator css=”.vc_custom_1552427883977{padding-top: 20px !important;padding-bottom: 20px !important;}”]

Start a Free Trial

Try Syxsense today and start patching your IT environment with a powerful and easy-to-use IT management toolset.
[vc_btn title=”Get Started with Syxsense” color=”warning” size=”lg” align=”center” link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial|||”]
||||

July Third-Party Security Updates

By News, Patch ManagementNo Comments

July Third-Party Security Updates

Explore the latest third-party updates as well as a controversial vulnerability with Zoom that the company has decided to eliminate.
[vc_empty_space]
[vc_single_image image=”32072″ img_size=”full”]

Latest Third-Party Updates

This month there are several notable third-party updates that have been released. The vendors include Adobe, Foxit, GlavSoft LLC., Microsoft (Skype), and Mozilla.

How are you deploying third-party security updates? It’s time to switch to an IT management solution that can manage any security updates required. Syxsense can deploy a wide-range of updates, including Windows, Mac, and Linux software.

Zoom Pushes Emergency Patch for Webcam Flaw

After facing media scrutiny for a zero-day vulnerability in its collaboration client for Mac, Zoom has rushed out an emergency patch to eliminate the bug. The video conferencing company initially stated that it would not issue a full fix for the the vulnerability, but has since changed course.

The flaw (CVE-2019–13450), allows a malicious website to take over a user’s web camera without their permission, putting 4 million workers that use Zoom for Mac at risk. This isn’t the first time the company has experienced issues—late last year Zoom experienced a critical bug that could lead to malware installation.

[vc_separator css=”.vc_custom_1552427883977{padding-top: 20px !important;padding-bottom: 20px !important;}”]

Start a Free Trial

Try Syxsense today and start patching your IT environment with a powerful and easy-to-use IT management toolset.
[vc_btn title=”Get Started with Syxsense” color=”warning” size=”lg” align=”center” link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial|||”]
[vc_empty_space][vc_separator][vc_empty_space]

Third-Party Updates

Vendor Category Title Date Published CVSS Score & Rating
Adobe Multimedia FlashPlayer_ActiveX_v32.0.0.223 7/9/19 N/A
Adobe Multimedia FlashPlayer_Plugin_NPAPI_v32.0.0.223 7/9/19 N/A
Adobe Multimedia FlashPlayer_Plugin_PPAPI_v32.0.0.223 7/9/19 N/A
Foxit Corporation PDF Viewer FoxitReader_v9.6.0 7/4/19 N/A
GlavSoft LLC. Remote Access TightVNC_v2.8.23.0 7/3/19 N/A
Microsoft Corporation Audio/Video Chat Skype_v8.49.0.49 7/8/19 N/A
Mozilla Web Browser Firefox_v68.0 7/8/19 N/A
Mozilla Web Browser FirefoxESR_v60.8.0 7/8/19 N/A
Mozilla Email Client Thunderbird_v60.8.0 7/8/19 N/A
Peter Pawlowski Audio Player Foobar2000_v1.4.6 7/7/19 N/A
[vc_btn title=”Start Your Free Trial of Syxsense →” shape=”square” color=”warning” size=”lg” align=”center” button_block=”true” link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||”]
||

July Patch Tuesday: Stop Zero-Day Exploits

By News, Patch Management, Patch TuesdayNo Comments

July Patch Tuesday: Stop Zero-Day Exploits

This month's Patch Tuesday release has 77 vulnerabilities, including two zero-days—security flaws that were being actively exploited.
[vc_empty_space]
[vc_single_image image=”32048″ img_size=”full”]

Patch Tuesday Release

Microsoft have released 78 patches today covering IE, Edge, ChakraCore, Windows and Office.p There are 15 rated Critical and 62 Important with only 1 rated Moderate.

Urgent: Public and Exploited

There are a total of 8 vulnerabilities in this Patch Tuesday which are either publicly disclosed or being actively exploited, making July one of the worst months for the potential threats exposed by these vulnerabilities.

Robert Brown, Director of Services for Verismic said, “We highly recommend these be prioritized for immediate deployment, notice they are all rated by Microsoft as Important instead of Critical? Having an independent severity is essential along with the vendor severity is critically important for transparent prioritization of your next round of patching.

CVE-2019-0880 and CVE-2019-1132 have actually made our Most Wanted Index already this year already, meaning new vulnerabilities have been exposed and Microsoft have re-released new patches to resolve those vulnerabilities.

CVE-2019-0785 carries a CVSS score of 9.8 making this vulnerability the highest independent severity in this patch Tuesday release. All Windows Servers running DHCP going back to Windows 2012 are effected. The vulnerability exposes a memory corruption issue where if exploited could knock out the DHCP service, causing devices not to renew their IP address correctly. This impacts not just the server but every single device which uses it.

Adobe Updates

Adobe have only released 3 updates today resolving vulnerabilities with Adobe Bridge, Experience Manager, and Dreamweaver. There are no patches for Adobe Flash or Adobe Reader making Microsoft your biggest priority today.

[vc_separator css=”.vc_custom_1552427883977{padding-top: 20px !important;padding-bottom: 20px !important;}”]

Start a Free Trial

Try Syxsense today and start patching your IT environment with a powerful and easy-to-use IT management toolset.
[vc_btn title=”Get Started with Syxsense” color=”warning” size=”lg” align=”center” link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial|||”]
[vc_empty_space][vc_separator][vc_empty_space]

Patch Tuesday Release

Verismic Recommended CVE ID Description Severity Publicly Disclosed Actively being Exploited
Yes CVE-2019-0880 Microsoft splwow64 Elevation of Privilege Vulnerability Important No Yes
Yes CVE-2019-1132 Win32k Elevation of Privilege Vulnerability Important No Yes
Yes CVE-2018-15664 Docker Elevation of Privilege Vulnerability Important Yes No
Yes CVE-2019-0865 SymCrypt Denial of Service Vulnerability Important Yes No
Yes CVE-2019-0887 Remote Desktop Services Remote Code Execution Vulnerability Important Yes No
Yes CVE-2019-0962 Azure Automation Elevation of Privilege Vulnerability Important Yes No
Yes CVE-2019-1068 Microsoft SQL Server Remote Code Execution Vulnerability Important Yes No
Yes CVE-2019-1129 Windows Elevation of Privilege Vulnerability Important Yes No
Yes CVE-2019-0785 Windows DHCP Server Remote Code Execution Vulnerability Critical No No
Yes CVE-2019-1001 Scripting Engine Memory Corruption Vulnerability Critical No No
Yes CVE-2019-1004 Scripting Engine Memory Corruption Vulnerability Critical No No
Yes CVE-2019-1056 Scripting Engine Memory Corruption Vulnerability Critical No No
Yes CVE-2019-1059 Scripting Engine Memory Corruption Vulnerability Critical No No
Yes CVE-2019-1062 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No
Yes CVE-2019-1063 Internet Explorer Memory Corruption Vulnerability Critical No No
Yes CVE-2019-1072 Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability Critical No No
Yes CVE-2019-1092 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No
Yes CVE-2019-1102 GDI+ Remote Code Execution Vulnerability Critical No No
Yes CVE-2019-1103 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No
Yes CVE-2019-1104 Microsoft Browser Memory Corruption Vulnerability Critical No No
Yes CVE-2019-1106 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No
Yes CVE-2019-1107 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No
Yes CVE-2019-1113 .NET Framework Remote Code Execution Vulnerability Critical No No
CVE-2019-0811 Windows DNS Server Denial of Service Vulnerability Important No No
CVE-2019-0966 Windows Hyper-V Denial of Service Vulnerability Important No No
CVE-2019-0975 ADFS Security Feature Bypass Vulnerability Important No No
CVE-2019-0999 DirectX Elevation of Privilege Vulnerability Important No No
CVE-2019-1006 WCF/WIF SAML Token Authentication Bypass Vulnerability Important No No
CVE-2019-1037 Windows Error Reporting Elevation of Privilege Vulnerability Important No No
CVE-2019-1067 Windows Kernel Elevation of Privilege Vulnerability Important No No
CVE-2019-1071 Windows Kernel Information Disclosure Vulnerability Important No No
CVE-2019-1073 Windows Kernel Information Disclosure Vulnerability Important No No
CVE-2019-1074 Microsoft Windows Elevation of Privilege Vulnerability Important No No
CVE-2019-1076 Team Foundation Server Cross-site Scripting Vulnerability Important No No
CVE-2019-1077 Visual Studio Elevation of Privilege Vulnerability Important No No
CVE-2019-1079 Visual Studio Information Disclosure Vulnerability Important No No
CVE-2019-1082 Microsoft Windows Elevation of Privilege Vulnerability Important No No
CVE-2019-1083 .NET Denial of Service Vulnerability Important No No
CVE-2019-1084 Microsoft Exchange Information Disclosure Vulnerability Important No No
CVE-2019-1085 Windows WLAN Service Elevation of Privilege Vulnerability Important No No
CVE-2019-1086 Windows Audio Service Elevation of Privilege Vulnerability Important No No
CVE-2019-1087 Windows Audio Service Elevation of Privilege Vulnerability Important No No
CVE-2019-1088 Windows Audio Service Elevation of Privilege Vulnerability Important No No
CVE-2019-1089 Windows RPCSS Elevation of Privilege Vulnerability Important No No
CVE-2019-1090 Windows dnsrlvr.dll Elevation of Privilege Vulnerability Important No No
CVE-2019-1091 Microsoft unistore.dll Information Disclosure Vulnerability Important No No
CVE-2019-1093 DirectWrite Information Disclosure Vulnerability Important No No
CVE-2019-1094 Windows GDI Information Disclosure Vulnerability Important No No
CVE-2019-1095 Windows GDI Information Disclosure Vulnerability Important No No
CVE-2019-1096 Win32k Information Disclosure Vulnerability Important No No
CVE-2019-1097 DirectWrite Information Disclosure Vulnerability Important No No
CVE-2019-1098 Windows GDI Information Disclosure Vulnerability Important No No
CVE-2019-1099 Windows GDI Information Disclosure Vulnerability Important No No
CVE-2019-1100 Windows GDI Information Disclosure Vulnerability Important No No
CVE-2019-1101 Windows GDI Information Disclosure Vulnerability Important No No
CVE-2019-1105 Outlook for Android Spoofing Vulnerability Important No No
CVE-2019-1108 Remote Desktop Protocol Client Information Disclosure Vulnerability Important No No
CVE-2019-1109 Microsoft Office Spoofing Vulnerability Important No No
CVE-2019-1110 Microsoft Excel Remote Code Execution Vulnerability Important No No
CVE-2019-1111 Microsoft Excel Remote Code Execution Vulnerability Important No No
CVE-2019-1112 Microsoft Excel Information Disclosure Vulnerability Important No No
CVE-2019-1116 Windows GDI Information Disclosure Vulnerability Important No No
CVE-2019-1117 DirectWrite Remote Code Execution Vulnerability Important No No
CVE-2019-1118 DirectWrite Remote Code Execution Vulnerability Important No No
CVE-2019-1119 DirectWrite Remote Code Execution Vulnerability Important No No
CVE-2019-1120 DirectWrite Remote Code Execution Vulnerability Important No No
CVE-2019-1121 DirectWrite Remote Code Execution Vulnerability Important No No
CVE-2019-1122 DirectWrite Remote Code Execution Vulnerability Important No No
CVE-2019-1123 DirectWrite Remote Code Execution Vulnerability Important No No
CVE-2019-1124 DirectWrite Remote Code Execution Vulnerability Important No No
CVE-2019-1126 ADFS Security Feature Bypass Vulnerability Important No No
CVE-2019-1127 DirectWrite Remote Code Execution Vulnerability Important No No
CVE-2019-1128 DirectWrite Remote Code Execution Vulnerability Important No No
CVE-2019-1130 Windows Elevation of Privilege Vulnerability Important No No
CVE-2019-1134 Microsoft Office SharePoint XSS Vulnerability Important No No
CVE-2019-1136 Microsoft Exchange Server Elevation of Privilege Vulnerability Important No No
CVE-2019-1137 Microsoft Exchange Server Spoofing Vulnerability Important No No
CVE-2019-1075 ASP.NET Core Spoofing Vulnerability Moderate No No
[vc_btn title=”Start Your Free Trial of Syxsense →” shape=”square” color=”warning” size=”lg” align=”center” button_block=”true” link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||”]

Instagram Takes a Peek: October Third-Party Patch Update

By Patch ManagementNo Comments

[vc_single_image source=”featured_image” img_size=”medium”]

Even celebrity status can’t protect your data

At the beginning of September, a news story broke that Selena Gomez had her Instagram hacked. Why does the Instagram of a celebrity matter this time? Because this hack goes much further.
Instagram won’t confirm just how many accounts were affected, but the hackers claim they have information on 6 million users. They used this information to set up a site called Doxagram, where you could pay to search for the private contact information of these users. These accounts included almost all of the 50 most followed Instagram accounts. People like Rihanna, Emma Watson, Floyd Mayweather, and even the official account of the white house.

Kaspersky Labs reported to Facebook that there was a flaw within the Instagram mobile app password reset option. However, it was in a 2016 version of the app, so if you have kept Instagram up to date, you should be protected.

This is just another lesson why it’s so critical to keep up to date on software patches. Any vulnerability, even in an unsuspecting, non-business software like Instagram, could lead to a major breach.

CCleaner adds malware to your devices

Avast, the parent company to Piriform, discovered that two of their products had been compromised. Hackers breached these two products and added malware into the new version. Then anyone who installed CCleaner also got this malware that allowed hackers to control the infected computer.

Affected Piriform products:

  • CCleaner v5.33.6162
  • CCleaner Cloud v1.07.3191

The software has since been updated to remove the malware, but the damage has been done. Piriform says that they fixed things “before any known harm was done” and that no sensitive data was collected. While that might be true, it doesn’t mean the hackers didn’t accomplish their goals. They go access to a massively used software and that, in turn, gave them a back door into businesses that use it.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center”]START FREE TRIAL[/dt_default_button]

Third-Party Updates

Every month we see a bevy of new third party updates, and are always enhancing our library of supported vendors. Special requests and additions are welcomed. This month’s releases include:

Below are a list of third-party software updates for the month:

Vendor Category Patch Version and Release Notes Link:
Adobe Media Software Flash Player 27 and AIR 27: https://helpx.adobe.com/flash-player/release-note/fp_27_air_27_release_notes.html
Google Web Browser Chrome 61.0.3163.100: https://chromereleases.googleblog.com/2017/09/stable-channel-update-for-desktop_21.html
Ivo Soft Misc. ClassicShell_v4.3.1: http://www.classicshell.net/history/
Peter Pawlowski Audio Player Foobar2000_v1.3.16: http://www.foobar2000.org/changelog
[vc_separator]

Start Patching

Start a free, 14-day trial of Syxsense, which helps organizations from 50 to 10,000 endpoints monitor and manage their environment, all from just a web browser. An email will be automatically sent to the address you provide.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center”]START FREE TRIAL[/dt_default_button]
||

Chrome Compromised: September Third-Party Patch Update

By Patch ManagementNo Comments

[vc_single_image source=”featured_image” img_size=”medium”]

1 Million Targeted by Chrome Extension Hack

Even experts aren’t exempt from deceptive phishing attacks. It’s being reported that the developers of several extensions had their login credentials stolen.

It’s the second time in a week that Chrome users have been targeted by extension hijacks. The first involved an extension called CopyFish with around 30,000 installs. That attack may have been a test intended to see how many fraudulent ad views could be pumped through before Google intervened and returned control of the extension to its rightful owners.

Extensions reported so far:

  • Web Developer version 0.4.9
  • Chrometana version 1.1.3
  • Infinity New Tab version 3.12.3
  • CopyFish version 2.8.5
  • Web Paint version 1.2.1
  • Social Fixer 20.1.1
  • TouchVPN
  • Betternet VPN

Once the attackers had access to the developers accounts for these extensions, they began modifying the code. It seems their goal was to gain control over victims’ browsers and then if the victim had a Cloudflare account, steal that information.

It’s important to keep your browser’s up to date and review extensions before you install them.

The Source of NotPetya

Just after the outbreak of NotPetya, several entities seemed to point at software distribution provider MeDoc as one of the main sources of the outbreak. They claim that their software was a victim of a hack that then led to it being the vessel for initial distribution of NotPetya. From there, it spread through updates of MeDoc and began infecting more and more victims. This sort of event is known as a ‘supply chain attack’.

[vc_single_image image=”12386″ img_size=”200×200″]

The compromise of a software distribution method is extremely dangerous for businesses. Before you know it, a vulnerability can be spread to every device accessible via the hacked distribution software. How do you prevent such a disaster? One way could be the activation of two-factor authentication for login to your IT management software. This can help prevent the software from being compromised in the first place.

Don’t leave something that could infect your entire environment unsecured.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center”]START FREE TRIAL[/dt_default_button]
[vc_separator]

Third-Party Updates

Every month we see a bevy of new third party updates, and are always enhancing our library of supported vendors. Special requests and additions are welcomed. This month’s releases include:

Below are a list of third-party software updates for the month:

Vendor Category Patch Version and Release Notes Link:
Adobe Media Software Flash and AIR: 26.0.0.151 and 26.0.0.127 – https://helpx.adobe.com/flash-player/release-note/fp_26_air_26_release_notes.html

 

Apple Media Software iTunes: 12.6.2 – https://www.neowin.net/news/apple-releases-security-updates-for-itunes-and-icloud-for-windows

 

Cerulean Instant Messaging

 

Trillian: 6.0 build 61 – https://www.trillian.im/changelog/windows/6.0/

 

Citrix Data Delivery Receiver: 4.9 LTSR – http://docs.citrix.com/en-us/receiver/windows/current-release/about.html

 

Don Ho Source Code Editor Notepad++: 7.5 – https://notepad-plus-plus.org/news/notepad-7.5-released.html

 

FileZilla FTP Solution 3.27.1 – https://filezilla-project.org/versions.php

 

Foxit PDF Reader Reader: 8.3.2.25013 – https://www.foxitsoftware.com/pdf-reader/version-history.php

 

Google Browser Earth: 7.3.0 – https://support.google.com/earth/answer/40901?hl=en

Chrome: 60.0.3112.113 – https://chromereleases.googleblog.com/2017/08/stable-channel-update-for-desktop_24.html

 

Malware Bytes Malware Defender

 

3.2 – https://www.malwarebytes.com/support/releasehistory/

 

Mozilla Brower and Email Client Firefox: 55.0.3 – https://www.mozilla.org/en-US/firefox/55.0.3/releasenotes/

Thunderbird: 52.3.0 – https://www.mozilla.org/en-US/thunderbird/52.3.0/releasenotes/

 

Realvnc Remote Access Software 6.2.0 – https://www.realvnc.com/en/connect/docs/desktop-release-notes.html

 

The Document Foundation Office Suite LibreOffice: 5.4.0 – https://wiki.documentfoundation.org/ReleaseNotes/5.4

 

Wireshark Network Protocol Analyzer 2.4.0 – https://www.wireshark.org/docs/relnotes/wireshark-2.4.0.html

 

[vc_separator]

Get Started

Start a free, 14-day trial of Syxsense, which helps organizations from 50 to 10,000 endpoints monitor and manage their environment, all from just a web browser. An email will be automatically sent to the address you provide.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center” icon_type=”picker” icon_picker=”fas fa-angle-double-right” icon_align=”right”]START YOUR FREE TRIAL OF SYXSENSE[/dt_default_button]
||

Ransomware Aftershocks: August Third-Party Patch Update

By News, Patch ManagementNo Comments
[vc_single_image image=”12822″ img_size=”medium”]

Ransomware Aftershocks

Even after remediation, the effects of ransomware can still be felt. The feelings of security have been stripped away and replaced with a nauseating sensation of vulnerability.

A public TV and radio station in San Francisco, KQED, knows this feeling. After being infected with ransomware demanding 1.7 bitcoin per PC, the FBI advised wiping the infected computes.

Even a month after the attack, the station is still doing work to fix the affected machines. But what has also been a surprise is the damage was to more than just their data. The wireless network and email servers went down at their headquarters, so they moved operations to UC Hastings. It has interrupted all levels of work, from broadcast to hiring of new employees.

This radio station isn’t the only company reeling long after a ransomware attack. Fedex has been reported as saying that was affected by NotPetya and that some damage was permanent. It’s expected that this business interruption will create significant decreases in revenue.

[vc_single_image image=”12386″ img_size=”200×200″]

The most effective way to protect yourself and your business against disaster is keeping your systems up to date. Malware relies on the idea that people won’t keep their software 100% up to date. And for good reason, keeping everything updated can be a nightmare. But utilizing a solution like Syxsense can simplify everything. CMS can show you at a glance which devices have out of date software. You can then quickly build a task to deploy needed updates.

Come check out Syxsense with a free trial today!

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center”]START FREE TRIAL[/dt_default_button]
[vc_separator]

Third-Party Updates

Every month we see a bevy of new third party updates, and are always enhancing our library of supported vendors. Special requests and additions are welcomed. This month’s releases include:

 

 

Product Category Patch
Chrome Web Browser Chrome_v59.0.3071.134
Wireshark Network Protocol Analyzer Wireshark_v2.4
Firefox Web Browser Firefox_v54.0.1
Glary Utilities PC cleanup Glary_v5.80.0.101
Trillian Instant Messenger Trillian_v6.0 Build 60
WinSCP SFTP, SCP, and FTP client for Windows WinSCP_v5.9.6
WinMerge Open source differencing and merging tool for windows. WinMerge_v2.14
MediaMonkey Media manager MediaMonkey_v4.1.17.1840
PuTTY SSH and Telnet for windows and unix. PuTTY_v0.70
Foobar2000 Audio Player Foobar2000_v1.3.16
Java Programming language Java_v8u141
KeePass Password Safe KeePass_v2.36
Foxit Reader PDF reader FoxitReader_v8.3.1
FileZilla FTP solution FileZilla_v3.27.0.1
Paint.net Image editing software Paint.net_v4.0.17
iTunes Media player iTunes_v12.6.2
Adobe Reader DC Pdf reader AdobeReaderDC_v17.009.20058
Shockwave Multimedia platform Shockwave_v12.2.9.199
Flash Multimedia platform Flash_v26.0.0.137
AIR Runtime Code Distribution AIRRuntime_v26.0.0.127

 

Patch Details
Chrome_v59.0.3071.134 Includes bug fixes, security updates, and feature enhancements.

 

Wireshark_v2.4 Large number of new and updated features. New and updated protocol support. Major API changes. New and updated capture file support.

 

Firefox_v54.0.1 Now uses multiple operating system processes for web page content to increase speed and stability. Fixes: Display issue of tab title. Display issue of opening new tab. Display issue when opening multiple tabs. Tab display issue when downloading files. PDF printing issue. Netflix issue on linu.

 

Glary_v5.80.0.101
Optimized Disk Cleaner: added support for ‘PerfectDisk 13.0’ and ‘Adobe Reader 7.0

Optimized Tracks Eraser: added support for ‘Nero Burning ROM 15’ and ‘AceHTML 6 Pro

Optimized Quick Search: optimized the path sorting algorithm, and speed up by 100%

Minor GUI improvements

Minor bug fixes

Trillian_v6.0 Build 60 Fixed:

Media: Media may not correctly send if DNS is incorrectly set up.

Message Window: History messages may incorrectly duplicate in the window from previous versions of Trillian.

 

WinSCP_v5.9.6 Hotfix. German translation updated.

·  Back-propagated some improvements and fixes from 5.10-5.10.2 beta releases:

  • SSH core and private key tools (PuTTYgen and Pageant) upgraded to PuTTY 0.69. It brings the following change:
    • WinSCP should work with MIT Kerberos again, after DLL hijacking defences broke it.
  • TLS/SSL core upgraded to OpenSSL 1.0.2l.
  • Allow using 64-bit version of PuTTY (and its tools), when available. 1522
  • XML parser upgraded to Expat 2.2.1.
  • Bug fix: Scripting open command without arguments issued irrelevant warning about use of stored site.
  • Bug fix: Generated code uses TransferOptions.Speed instead of TransferOptions.SpeedLimit. 1543
WinMerge_v2.14 Improvements

  • Improve startup time
  • Improve editing of linefilter regular expressions
  • Improve color options organization

Other changes

  • Update PCRE to version 8.10
  • Update SCEW to version 1.1.2
  • Add menuitems for selecting automatic or manual prediffing
  • Add accelerator keys for Shell context menu
  • Allow editing context line count in patch creator
  • Add /xq command line switch for closing WinMerge after identical files and not showing message
  • Allow setting codepage from command line
  • Allow giving encoding name as custom codepage
  • Add new options dialog panel for folder compare options
  • Add options GUI for quick compare limit
  • Write config log as UTF-8 file

Bugs fixed

  • Untranslated string (“Merge.rc:nnnn”) was displayed in status bar
  • Pane headers not updated after language change
  • Quick contents compare didn’t ignore EOL byte differences
  • Compare by size always checked file times too
  • Crash when pasting from clipboard
  • Keeps verifing path even turned off in options
  • Crash after deleting text
  • Added EOL chars between copied file/path names
  • Created new matching folder to wrong folder
  • Strange scrolling effect in location pane
  • Plugin error after interrupting folder compare
  • “+” and “-” from the number block don’t work in the editor
  • Date format did not respect Regional Settings
  • Shell extension used unquoted program path

New Translation

  • Basque

Translation updates

  • Hungarian
  • Turkish
  • Russian
  • Norwegian
  • Danish
  • Dutch
  • Slovenian
MediaMonkey_v4.1.17.1840 Various bug fixes and updates.

 

PuTTY_v0.70 Security fix: the Windows PuTTY binaries should no longer be vulnerable to hijacking by specially named DLLs in the same directory, even a name we missed when we thought we’d fixed this in 0.69. See vuln-indirect-dll-hijack-3.

Windows PuTTY should be able to print again, after our DLL hijacking defences broke that functionality.

Windows PuTTY should be able to accept keyboard input outside the current code page, after our DLL hijacking defences broke that too.

 

Foobar2000_v1.3.16 Fixed horrible, horrible bug with inverted checkmarks in advanced preferences at 150% text size.

Network streaming: added handlers for more HTTP redirect codes.

Fixed foobar2000 process not setting its working directory to its installation location on startup.

FLAC tagging fixes.

 

Java_v8u141 Fixing of bugs and updates to features.

 

KeePass_v2.36 New Features:

  • Added commands ‘Find Duplicate Passwords’ and ‘Find Similar Passwords’ (in ‘Edit’ -> ‘Show Entries’), which show entries that are using the same or similar passwords.
  • Added command ‘Password Quality Report’ (in ‘Edit’ -> ‘Show Entries’), which shows all entries and the estimated quality of their passwords.
  • Added option ‘String name’ in the ‘Edit’ -> ‘Find’ dialog (for searching entries that have a specific custom string field).
  • Added option for using a gray tray icon.
  • Added {CMD:/…/} placeholder, which runs a command line.
  • Added {T-CONV:/…/Raw/} placeholder, which inserts a text without encoding it for the current context.
  • Added optional ‘Last Password Modification Time (Based on History)’ entry list column.
  • The internal text editor now supports editing PS1 files.
  • The position and size of the internal data viewer is now remembered and restored.
  • For various dialogs, the maximized state is now remembered and restored.
  • Added configuration option for specifying an expiry date for master keys.
  • Added configuration option for specifying disallowed auto-type target windows.
  • Added workaround for Edge throwing away all keyboard input for a short time after its activation.
  • Added workaround for Mono not properly rendering bold and italic text in rich text boxes.
  • TrlUtil now performs a case-sensitive word validation.

Improvements:

  • The password input controls in the IO connection dialog and the proxy dialog now are secure edit controls.
  • The icon of the ‘Save’ command in the main menu is now grayed out when there are no database changes (like the toolbar button).
  • Auto-Type: improved support for target applications that redirect the focus immediately.
  • Auto-Type: improved compatibility with VMware vSphere client.
  • When an error occurs during auto-type, KeePass is now brought to the foreground before showing an error message box.
  • Entries in groups where searching is disabled (e.g. the recycle bin group) are now ignored by the commands that show expired entries.
  • Improved scrolling when moving entries while grouping in the entry list is on.
  • Improved support for right-to-left writing systems.
  • Improved application and system tray icon handling.
  • Updated low resolution ICO files (for Mono development).
  • Moved single-click tray icon action option from the ‘Integration’ tab to the ‘Interface’ tab of the options dialog.
  • Synchronization file path comparisons are case-insensitive now.
  • Improved workaround for Mono clipboard bug (improved performance and window detection; the workaround is now applied only if ‘xsel’ and ‘xdotool’ are installed).
  • Enhanced PrepMonoDev.sh script.
  • KPScript: times in group and entry lists now contain a time zone identifier (typically ‘Z’ for UTC).
  • Various code optimizations.
  • Minor other improvements.

Bugfixes:

  • The drop-down menu commands in the entry editing dialog for setting the expiry date now work as expected.

 

FoxitReader_v8.3.1 New Feature and Improvements:

Easy and Secure File-sharing

Provides a plugin to share your file by generating a file link and sending it via email or to social media, under your full control by advanced settings to share content quickly, easily, and securely.

Some ease of use enhancements.

 

Issues Addressed:

Fixed some issues that could cause Foxit Reader launch slowly.

Fixed some security and stability issues. Click here for details.

 

FileZilla_v3.27.0.1 Bugfixes and minor changes:

MSW: Add missing file to .zip binary package

MSW: Fix toolchain issues breaking the shell extension

 

Paint.net_v4.0.17
  • Added: “Fluid mouse input” option in Settings -> UI -> Troubleshooting. If you see major glitches while drawing, try disabling this.
  • Improved: Default brush size, font size, and corner radius size now scales with major DPI scaling levels (brush size of 2 at 100% scaling, brush size of 4 at 200% scaling, etc)
  • Improved: Default image size now scales with major DPI scaling levels (800×600 at 100%, 1600×1200 at 200%, etc.)
  • Improved performance and drawing latency by removing explicit calls to System.GC.Collect() except when low memory conditions are encountered
  • Improved performance by greatly reducing object allocation amplification by reducing the concurrency level when using ConcurrentDictionary, and by removing WeakReference allocations in favor of direct GCHandle usage
  • Improved: Performance and battery usage by ensuring animations always run at the monitor’s actual refresh rate
  • Improved (reduced) CPU usage when moving the mouse around the canvas
  • Removed: “Hold Ctrl to hide handle” from the Text tool because it was not useful and caused lots of confusion
  • Fixed: Various high-DPI fixes, including horrible looking mouse cursors caused by a bug in the latest .NET WinForms update
  • Fixed: Gradient tool no longer applies dithering “outside” of the gradient (in areas that should have a solid color)
  • Fixed: Very slow performance opening the Effects menu when lots of plugins are installed after installing the Windows 10 Creators Update
  • Fixed: When cropping and then performing an undo, the scroll position was totally wrong
  • Fixed a rendering glitch in the Save Configuration dialog (it would “wiggle”)
  • Fixed: At certain brush sizes, the brush indicator on the canvas had a visual glitch in it due to a bug in Direct2D
  • Fixed: Text tool buttons for Bold, Italics, Underline were not localized for a few languages
  • Fixed a rare crash in the taskbar thumbnails
  • Fixed: Drawing with an aliased brush and opaque color (alpha=255) sometimes resulted in non-opaque pixels due to a bug in Direct2D’s ID2D1RenderTarget::FillOpacityMask
  • Fixed: “Olden” effect should no longer cause crashes (it still has some rendering artifacts due to its multithreading problems, however)
iTunes_v12.6.2 This update is designed for high DPI displays so text and images appear sharper and clearer. It also includes minor app and performance improvements.

 

AdobeReaderDC_v17.009.20058 This release puts in place the infrastructure for simplifying the sign-in process within Acrobat & Reader. This enhancement will be rolled out for Acrobat and Reader users in near future.

 

Shockwave_v12.2.9.199 Fixes a critical memory corruption vulnerability that could lead to code execution.

 

Flash_ v26.0.0.137 These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

 

AIRRuntime_v26.0.0.127 These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

 

Get Started

Start a free, 14-day trial of Syxsense, which helps organizations from 50 to 10,000 endpoints monitor and manage their environment, all from just a web browser. An email will be automatically sent to the address you provide.

[dt_default_button link=”url:https%3A%2F%2Fwww.syxsense.com%2Fsyxsense-trial%2F|||” size=”big” button_alignment=”btn_center” icon_type=”picker” icon_picker=”fas fa-angle-double-right” icon_align=”right”]START YOUR FREE TRIAL OF SYXSENSE[/dt_default_button]