August Third-Party Patches & Security Updates
Which third-party patches should you prioritize?
VideoLAN has released an update this week to resolve two high-risk vulnerabilities in the VLC media player application. The discovered vulnerabilities allow an attacker to manipulate the .MKV extension so that a file can be used to gain control of the victim’s device. A total of 15 defects were made public on Monday by VideoLAN and a new version was released on August 19.
Additionally, Google Chrome received an update earlier this month resolving a high-severity use-after-free vulnerability in the PDFium viewer (CVE-2019-5868), as well as a medium-severity vulnerability (CVE-2019-5867)
Firefox also had a moderate vulnerability addressed regarding stored passwords and master password entry (CVE-2019-11733). “When a master password is set, it is required to be entered again before stored passwords can be accessed in the ‘Saved Logins’ dialog,” stated Mozilla regarding version 68.0.2. “It was found that locally stored passwords can be copied to the clipboard thorough the ‘copy password’ context menu item without re-entering the master password if the master password had been previously entered in the same session, allowing for potential theft of stored passwords.”
Why focus on patching third-party applications?
Delays in patching third party applications with dangerous vulnerabilities can leave your endpoints wide open to attack.
Syxsense provides true network security and lets you manage every threat with the click of a button. Keep up with the constant stream of security threats and patches for third-party software applications, such as Adobe, Java, Chrome and more.
Third-Party Updates
| Title | Description | CVSS | CVSS Severity | Vendor | Date Published |
| Acrobat_ReaderDC_v15.006.30499(Classic Track 2015) | NA | NA | Adobe | 8/13/19 | |
| Acrobat_ReaderDC_v17.011.30144(Classic Track 2017) | NA | NA | Adobe | 8/13/19 | |
| Acrobat_ReaderDC_v19.012.20036(Continuous Track) | NA | NA | Adobe | 8/13/19 | |
| AcrobatDC_v15.006.30499(Classic Track 2015) | NA | NA | Adobe | 8/13/19 | |
| AcrobatDC_v17.011.30144(Classic Track 2017) | NA | NA | Adobe | 8/13/19 | |
| AcrobatDC_v19.012.20036(Continuous Track) | NA | NA | Adobe | 8/13/19 | |
| Chrome_v76.0.3809.100 | The Stable channel has been updated to 76.0.3809.100 | 8.8 | High | 8/6/19 | |
| FileZilla_v3.44.1 | NA | NA | FileZilla | 8/9/19 | |
| Firefox_v68.0.2 | Version 68.0.2, first offered to Release channel users on August 14, 2019 | NA | NA | Mozilla | 8/14/19 |
| FirefoxESR_v68.0.2 | NA | NA | Mozilla | 8/14/19 | |
| FlashPlayer_ActiveX_v32.0.0.238 | NA | NA | Adobe | 8/13/19 | |
| FlashPlayer_Plugin_NPAPI_v32.0.0.238 | NA | NA | Adobe | 8/13/19 | |
| FlashPlayer_Plugin_PPAPI_v32.0.0.238 | NA | NA | Adobe | 8/13/19 | |
| Opera_v62.0.3331.116 | Opera 62.0.3331.116 Stable update | NA | NA | Opera | 8/7/19 |
| Skype_v8.51.0.72 | NA | NA | Microsoft Corporation | 8/12/19 | |
| VLC Media Player_v3.0.8 | NA | NA | VideoLAN | 8/19/19 |
