***If you are receiving this email, it is because you subscribed to it. If you have not subscribed and want to unsubscribe, click here. Please do not mark as spam instead. We've had some problems lately with email blacklisting. We'd appreciate if you unsubscribe if you don't want mailings from us.***
Welcome to my November 2024 Patch Monday newsletter! This month we have some zero days to talk about.
Apple released two updates, CVE-2024-44308 and CVE-2024-44309, in which they say they are aware of a report that this issue may have been actively exploited on Intel-based Mac systems. Both updates affect macOS Sequoia, iOS, iPadOS, Safari and visionOS. I wasn't going to include visionOS but I pictured some random IT engineer bringing in his Apple Vision Pro and connecting it to the corporate network. So, for consistency and caution, I included it in the chart below. These are the only zero days to worry about.
Mozilla had an update for Thunderbird that patched a "High" rated vulnerability. I feel you can update when possible due to the low CVSS score of 4.3.
Google had four releases for Chrome in the past 30 days fixing 19 various vulnerabilities. Of these, five are rated "High" and there is one rated "Critical". The good news is that Google didn't report that any are active in the wild, but they do say that details will not be released until a majority of users are updated. So, I suggest you get Chrome restarted and updated as soon as you can.
Zoom also released updates for 6 different CVE's across its product line. Two of these were rated "High". So, you will want to make sure your affected Zoom Apps get updated as well.
This month's newsletter sponsor, LOGbinder, has just released a new version of Supercharger for Windows Event Collection. I'm mentioning it here because many of you are users and have been asking when the .net 8 update will be released. You can download the latest update here or if you have an existing support contract and don't want to fill out the form then just email sales@logbinder.com.
Besides that, it's a fairly standard month. Be sure to browse the chart below and happy patching!
|
|
So, without further ado, here’s the chart of non-Microsoft 3rd party patches that affect Windows platforms in the past month.
|
Patch data provided by: |
 |
||||
|
Identifier |
Vendor/ |
Affected Versions |
Date Released |
Vulnerability Info |
Vender Severity / Our Recommedation |
|
Adobe Bridge |
13.0.9 and earlier |
11/12/2024 |
Memory Leak, Application DoS |
Important Priority 3: Update at admins discretion |
|
|
Adobe Commerce & Magento Open Source SaaS |
3.2.5 and earlier |
11/12/2024 |
Arbitrary Code Execution |
Critical Priority 3: Update at admin's discretion |
|
|
Adobe Audition |
24.4.6 and earlier |
11/12/2024 |
Memory Leak |
Important Priority 3: Update at admins discretion |
|
|
Adobe After Effects |
24.6.2 and earlier |
11/12/2024 |
Arbitrary Code Execution, Memory Leak |
Critical Priority 3: Update at admins discretion |
|
|
Adobe Substance 3D Painter |
10.1.0 and earlier |
11/12/2024 |
Application DoS, Arbitrary Code Execution, Memory Leak |
Critical Priority 3: Update at admins discretion |
|
|
Adobe InDesign |
20.0 and earlier |
11/21/2024 |
Memory Leak |
Important Priority 3: Update at admins discretion |
|
|
Adobe Illustrator |
28.7.1 and earlier |
11/12/2024 |
Application DoS, Arbitrary Code Execution, Memory Leak |
Critical Priority 3: Update at admins discretion |
|
|
Adobe Photoshop |
2023 24.7.3 and earlier |
11/12/2024 |
Arbitrary Code Execution |
Critical Priority 3: Update at admins discretion |
|
|
Apple macOS |
Sequoia before 15.1.1 |
11/19/2024 |
Arbitrary Code Execution, Cross Site Scripting |
Update ASAP | |
|
Apple iOS |
iOS/iPadOS before 18.1.1 |
11/19/2024 |
Arbitrary Code Execution, Cross Site Scripting |
Update ASAP | |
|
Apple Safari |
Before 18.1.1 |
11/19/2024 |
Arbitrary Code Execution, Cross Site Scripting |
Update ASAP | |
|
Apple visionOS |
Before 2.1.1 |
11/19/2024 |
Arbitrary Code Execution, Cross Site Scripting |
Update ASAP | |
|
Google |
Before 131.0.6778.85 (Linux) |
11/19/2024 |
Inappropriate Implementation, Insufficient Policy Enforcement, Out of Bounds Write, Type Confusion, Use After Free |
Update after testing | |
|
Mozilla Thunderbird |
Before 132.0.1 |
11/12/2024 |
Information Disclosure |
Update after testing |
|
|
Zoom Apps |
Meeting SDK for macOS before 6.1.5 |
11/12/2024 |
Information Disclosure |
Update after testing |
|
|
Zoom Apps |
Meeting SDK for macOS before 6.1.5 |
11/12/2024 |
Privilege Escalation |
Update after testing |
|
|
Zoom Apps |
Meeting SDK for Windows/macOS/iOS/Android/Linux before 6.2.0 |
11/12/2024 |
Information Disclosure |
Update after testing |
|
|
Zoom Apps |
Workplace App for Windows/macOS/iOS/Android/Linux before 6.2.0 |
11/12/2024 |
Denial of Service |
Update after testing |
|
|
Zoom Apps |
Meeting SDK for Windows/macOS/iOS/Android/Linux before 6.2.0 |
11/12/2024 |
Privilege Escalation |
Update after testing |
|
|
Zoom Apps |
Workplace App for Windows/macOS/iOS/Android/Linux before 6.2.0 |
11/12/2024 |
Denial of Service |
Update after testing |
|
Thanks as always for reading and best wishes on security,
Randy Franklin Smith
Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, All rights reserved. You may forward this email in its entirety but all other rights reserved.
9450 SW Gemini Drive #53822, Beaverton, OR 97008
Note: We do our best to provide quality information and expert commentary but use all information at your own risk.