Welcome to my July 2024 Patch Monday newsletter! It was a very slow month for third-party patching, at least for our regular vendors and providers. Adobe only had updates for three products this month, and Apple did not release any relevant security updates in the past 30 days.
From what has been published on the patches below, we don't have any zero-days to be concerned about either. I'll start with Citrix this month. They had two CVEs rated High that are being patched. CVE-2024-5491 has a CVSS score of 7.1 and CVE-2024-6286 has a CVSS score of 8.5, which is pretty high. These affect Citrix NetScaler ADC and Gateway and also Citrix Workspace app for Windows, so please check the chart below to see if you are running any of the affected versions. I recommend you test the patches and update as soon as possible.
Chrome had two updates over the past 30 days that patched 15 different vulnerabilities. Twelve of these fifteen are rated "High" by Google, so make sure all your Chromium-based browsers get updated and restarted (a downloaded Chrome update is not in effect until the browser is relaunched).
Zoom also had a handful of updates this past month. The way they format their update information is a bit unconventional, so you will see a change in the chart below for their information: the links to the CVEs are in the "Vulnerability Info" column for Zoom. Of the updates published, the Improper Input Validation issue in Zoom Apps for Windows is rated "High". You will want to get that updated as soon as possible.
The big release this month is from Oracle. On July 16th Oracle released their quarterly "Critical Patch Update Advisory", their third for the year. I only included Java in the chart below, but there are 386 patches across a long list of products and versions. You can see them all here.
I do want to bring attention to a webinar I have this week. The title is "Linux Privilege Elevation: Breaking out of SUDO with GTFOBins". If you want to learn about thoroughly implementing least privilege on Linux, you will want to register here.
So that's about it for the month. Be sure to browse the chart below and happy patching!
So, without further ado, here's the chart of non-Microsoft third-party patches that affect Windows platforms in the past month.
Patch data provided by:

Identifier | Vendor/Product | Affected Versions | Date Released | Vulnerability Info | Vendor Severity / Our Recommendation
- | Adobe Premiere Pro | 24.4.1 and earlier | 7/9/2024 | Arbitrary Code Execution | Critical (Priority 3): Update at admin's discretion
- | Adobe InDesign | ID19.3 and earlier | 7/9/2024 | Application Denial of Service, Arbitrary Code Execution | Critical (Priority 3): Update at admin's discretion
- | Adobe Bridge | 13.0.7 and earlier | 7/9/2024 | Arbitrary Code Execution, Memory Leak | Critical (Priority 3): Update at admin's discretion
- | Citrix NetScaler | ADC and Gateway 14.1 before 25.53 | 7/9/2024 | Denial of Service, Open Redirect | Update after testing
- | Citrix Provisioning | CR before 2402 | 7/9/2024 | Improper Access Control | Update after testing
- | Citrix Workspace App | CR before 2403.1 | 7/9/2024 | Improper Privilege Management | Test and update as soon as possible
- | Citrix Workspace App for HTML5 | Before 2404.1 | 7/9/2024 | Incorrect Default Permissions, URL Redirect | Update after testing
- | Google Chrome | Before 126.0.6478.182/183 for Windows/Mac | 7/16/2024 | Inappropriate Implementation, Out of Bounds, Race Condition, Type Confusion, Use After Free | Update after testing
Multiple CVEs | Mozilla Thunderbird | Before 115.13 | 7/9/2024 (FF ESR) | Memory Corruption, Race Condition | Update after testing
- | Mozilla Firefox | Before 128 | 7/9/2024 | Arbitrary Code Execution, Cross-site Navigation, CSP Violation, Memory Corruption, Out-of-Bounds Read, Race Condition, Security Feature Bypass, Tapjacking, Unintended Permissions | Update after testing
- | Oracle Java | GraalVM for JDK 17.0.11, 21.0.3, 22.0.1 | 7/16/2024 | Denial of Service, Race Condition, Unauthorized Access | Update after testing
Multiple CVEs (see vulnerability info) | Zoom Apps | Workplace Desktop App for Windows/macOS/Linux before 6.0.0 | 7/9/2024 | Improper Input Validation, Race Condition, Path Traversal, Uncontrolled Search Path, Improper Privilege Management | Update after testing
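As an added example (editor's code, not part of the newsletter or any vendor's tooling), the following PowerShell turns the chart's two kinds of thresholds, "before X" and "X and earlier", into an automated check of what is actually installed on a Windows host. It reads the per-machine and per-user Uninstall registry keys, normalizes each DisplayVersion string so it can be compared as a [version], and flags anything at or below the vulnerable range. The thresholds are taken from the chart; the DisplayName patterns are assumptions about how each installer registers itself and may need tuning. Citrix and Oracle GraalVM are deliberately left out because their installed-version strings do not follow the chart's release numbering, so those rows remain a manual check.

```powershell
# Added example, not from the newsletter: compare installed third-party software on a
# Windows host against the fixed-version thresholds in the July 2024 chart above.
# Thresholds come from the chart. DisplayName regex patterns are ASSUMPTIONS about how
# each installer registers itself under the Uninstall keys; adjust for your environment.

# "Before X"        -> installed version <  X is vulnerable  (Inclusive = $false)
# "X and earlier"   -> installed version <= X is vulnerable  (Inclusive = $true)
# Chrome is listed as 126.0.6478.182/183; .182 is used as the lower bound so .183 passes.
# Firefox ESR is excluded from the Firefox rule because it is on its own release line.
$PatchRules = @(
    @{ Product = 'Google Chrome';       Pattern = '^Google Chrome$';          Threshold = '126.0.6478.182'; Inclusive = $false }
    @{ Product = 'Mozilla Firefox';     Pattern = '^Mozilla Firefox(?! ESR)'; Threshold = '128.0';          Inclusive = $false }
    @{ Product = 'Mozilla Thunderbird'; Pattern = '^Mozilla Thunderbird';     Threshold = '115.13';         Inclusive = $false }
    @{ Product = 'Zoom Workplace';      Pattern = '^Zoom(\s+Workplace)?$';    Threshold = '6.0.0';          Inclusive = $false }
    @{ Product = 'Adobe Premiere Pro';  Pattern = '^Adobe Premiere Pro';      Threshold = '24.4.1';         Inclusive = $true  }
    @{ Product = 'Adobe InDesign';      Pattern = '^Adobe InDesign';          Threshold = '19.3';           Inclusive = $true  }
    @{ Product = 'Adobe Bridge';        Pattern = '^Adobe Bridge';            Threshold = '13.0.7';         Inclusive = $true  }
)
# Citrix NetScaler/Provisioning/Workspace and Oracle GraalVM are not automated here:
# their registry version strings do not map onto the chart's numbering. Check them by hand.

function ConvertTo-ComparableVersion {
    # Normalize a vendor DisplayVersion into [version]. [version] needs 2-4 numeric parts,
    # so "128" becomes 128.0 and trailing build annotations like "6.1.0 (40000)" are
    # dropped. Returns $null when nothing parseable is found, so the caller can say so
    # instead of silently reporting the product as patched.
    param([string]$Text)
    if ($Text -match '^\s*(\d+(?:\.\d+){0,3})') {
        $core = $Matches[1]
        if ($core -notmatch '\.') { $core = "$core.0" }
        return [version]$core
    }
    return $null
}

function Get-InstalledSoftware {
    # Per-machine (64-bit and 32-bit views) plus per-user Uninstall keys. Chrome and Zoom
    # frequently land under HKCU when installed without admin rights, so HKLM alone misses them.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -and $_.DisplayVersion } |
        Select-Object DisplayName, DisplayVersion
}

function Test-PatchLevel {
    # $Installed: objects with DisplayName/DisplayVersion (local or collected remotely).
    # Emits one row per matching install with an explicit VULNERABLE / OK / UNPARSED status.
    param(
        [Parameter(Mandatory)] $Installed,
        [Parameter(Mandatory)] $Rules
    )
    foreach ($rule in $Rules) {
        $want = [version]$rule.Threshold
        $fixedText = if ($rule.Inclusive) { "later than $($rule.Threshold)" } else { $rule.Threshold }
        foreach ($app in ($Installed | Where-Object { $_.DisplayName -match $rule.Pattern })) {
            $have = ConvertTo-ComparableVersion $app.DisplayVersion
            if ($null -eq $have) {
                $status = 'UNPARSED - check manually'
            } elseif (($rule.Inclusive -and $have -le $want) -or (-not $rule.Inclusive -and $have -lt $want)) {
                $status = 'VULNERABLE - patch'
            } else {
                $status = 'OK'
            }
            [pscustomobject]@{
                Product   = $rule.Product
                Installed = $app.DisplayVersion
                Fixed     = $fixedText
                Status    = $status
            }
        }
    }
}

# Run locally; wrap in Invoke-Command -ComputerName ... to sweep a fleet.
# Sorting descending puts VULNERABLE, then UNPARSED, ahead of OK.
Test-PatchLevel -Installed (Get-InstalledSoftware) -Rules $PatchRules |
    Sort-Object Status -Descending |
    Format-Table -AutoSize
```

The split into `Get-InstalledSoftware` and `Test-PatchLevel` is deliberate: the inventory half is what you would run remotely, and the comparison half can be pointed at data from an existing asset database instead. Treat UNPARSED rows as findings, not noise; a version string the script cannot read is exactly the case where a naive "greater than" comparison would have reported the host as patched.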
Thanks as always for reading and best wishes on security,
Randy Franklin Smith
Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, All rights reserved. You may forward this email in its entirety, but all other rights are reserved.
9450 SW Gemini Drive #53822, Beaverton, OR 97008
Note: We do our best to provide quality information and expert commentary but use all information at your own risk.