***If you are receiving this email, it is because you subscribed to it. If you have not subscribed and want to unsubscribe, click here. Please do not mark as spam instead. We've had some problems lately with email blacklisting. We'd appreciate if you unsubscribe if you don't want mailings from us.***
Welcome to my June 2024 Patch Monday newsletter! I've noticed something interesting this month. As we all know, Microsoft has set a tradition of releasing security updates on the 2nd Tuesday of every month. If this month is any indicator, it looks like 3rd party vendors may be leaning in the same direction. June 11th was a big day for patching. If you look at the chart below you'll notice that almost all of the vendors released their updates on the same Patch Tuesday.
So this month there isn't any thing huge to talk about. No zero days from the vendors below. One update to note is for Adobe Experience Manager. This one product received an update to patch almost 150 different CVE's. These are mostly cross-site scripting vulnerabilities with a severity of important and a base score of 5.4. So nothing extremely dangerous but I think it's worth mentioning soley for the number of related CVE's.
Next is Google Chrome. In the past month Google has released 4 updates covering 43 different CVE's. Of these, 24 are rated high. You will want to make sure that all of your Chromium based browsers (Chrome, Edge, Opera, etc...) get updated.
Also, in our chart below we have our newly added Citrix and Zoom security bulletins. Zoom had a few updates but all rated medium. Citrix, though, has a bulletin rated high for a vulnerability that may allow an attacker on the same network as the victim to read, disrupt, or modify network traffic that would normally be expected to be protected by the VPN. See the chart below for more details.
I know that some of you use these applications but if there are any applications that you think I should include in the chart below please let me know (just reply to this email). If it's an application used by the masses and there is a security page where they release details on updates then I will do my best to try to include it.
I do want to bring attention to a webinar I hosted last month. It was a Windows Security Log Deep Dive into helping you understand Kerberos authentication events from domain controllers. After that, Barry Vista, from LOGbinder, and I showed how my Supercharger product can help you collect the events you need from your domain controllers to detect malicious activity. You can watch the recording here.
Happy patching!
So, without further ado, here’s the chart of non-Microsoft 3rd party patches that affect Windows platforms in the past month.
Patch data provided by: |
|||||
Identifier |
Vendor/ |
Affected Versions |
Date Released |
Vulnerability Info |
Vender Severity / Our Recommedation |
Adobe Photoshop |
2023 24.7.3 and earlier |
6/11/2024 |
Arbitrary Code Execution |
Critical Priority 3: Update at admins discretion |
|
Adobe Experience Manager (AEM) |
AEM Cloud Service (CS) |
6/11/2024 |
Arbitrary Code Execution, Security Feature Bypass |
Critical Priority 3: Update at admins discretion |
|
Adobe Audition |
24.2 and earlier |
6/11/2024 |
Application Denial-of-Service, Memory Leak |
Important Priority 3: Update at admins discretion |
|
Adobe Media Encoder |
24.3 and earlier |
6/11/2024 |
Memory Leak |
Important Priority 3: Update at admins discretion |
|
Adobe FrameMaker Publishing Server |
2022.2 and earlier |
6/11/2024 |
Privilege Escalation |
Important Priority 3: Update at admins discretion |
|
Adobe Commerce |
2.4.7 and earlier |
6/11/2024 |
Arbitrary Code Execution, Privilege Escalation, Security Feature Bypass |
Critical Priority 3: Update at admins discretion |
|
Magento Open Source | 2.4.7 and earlier 2.4.6-p5 and earlier 2.4.5-p7 and earlier 2.4.4-p8 and earlier |
||||
Adobe ColdFusion |
2023 Update 7 and earlier |
6/11/2024 |
Arbitrary File System Read, Security Feature Bypass |
Important Priority 3: Update at admins discretion |
|
Adobe Substance 3D Stager |
2.1.4 and earlier |
6/11/2024 |
Arbitrary Code Execution |
Critical Priority 3: Update at admins discretion |
|
Adobe Creative Cloud Desktop Application |
6.1.0.587 and earlier |
6/11/2024 |
Arbitrary Code Execution |
Critical Priority 3: Update at admins discretion |
|
Adobe Acrobat Android |
24.4.2.33155 and earlier |
6/11/2024 |
Security Feature Bypass |
Important Priority 3: Update at admins discretion |
|
Citrix XenServer and Citrix Hypervisor |
XenServer 8 |
6/11/2024 |
Denial of Service | Update after testing | |
Citrix Software Group |
Secure Access Client for Linux, Mac and iOS |
6/24/2024 |
VPN Data Leak | Update after testing | |
Google |
Before 126.0.6478.126/127 for Windows/Mac |
6/24/2024 |
Heap Buffer Overflow, Inappropriate Implementation, Out of Bounds, Policy Bypass, Type Confusion, Use After Free |
Update after testing | |
Multiple CVE's |
Mozilla Thunderbird |
Before 115.12 |
6/11/2024 (FF ESR) |
Arbitrary Code Execution, Security Feature Bypass, Use After Free |
Update after testing |
Mozilla Firefox |
Before 127 |
6/11/2024 |
Arbitrary Code Execution, Memory Corruption, Security Feature Bypass, Spoofing, Use After Free, User Confusion |
Update after testing |
|
Mozilla Firefox for iOS |
Before 127 |
6/13/2024 |
Data Leak, Spoofing |
Update after testing |
|
Zoom Apps |
Workplace Desktop App for Windows/masOS/Linux before 5.17.11 |
6/11/2024 |
Buffer Overflow, Denial of Service |
Update after testing |
Thanks as always for reading and best wishes on security,
Randy Franklin Smith
Click here to unsubscribeUltimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, All rights reserved. You may forward this email in its entirety but all other rights reserved.
9450 SW Gemini Drive #53822, Beaverton, OR 97008
Note: We do our best to provide quality information and expert commentary but use all information at your own risk.