***If you are receiving this email, it is because you subscribed to it. If you have not subscribed and want to unsubscribe, click here. Please do not mark as spam instead. We've had some problems lately with email blacklisting. We'd appreciate if you unsubscribe if you don't want mailings from us.***

Welcome to my October 2024 Patch Monday newsletter! This month was average with the exception of some zero days from Mozilla. So let's talk about that first.

Mozilla had 7 updates in the past 30 days. On Oct 9th they released a critical update for a zero-day for Firefox 131.0.2 and Firefox ESR 115.16.1 and 128.3.1. Then the next day on Oct 10th they released a critical update for the same zero-day but for Thunderbird 131.0.1, 128.3.1 and 115.16.0. For Thunderbird, Mozilla reports that the flaw cannot be exploited through email in Thunderbird because scritping is disabled when reading mail but that there is a risk using mail in the browser or browser-like components. So make sure you get these patched ASAP.

Google had five releases in the past 30 days fixing 32 various vulnerabilities. Of these, 13 are rated "High" but the good news is that Google didn't report that any are active in the wild. Either way, get Chrome restarted and updated as soon as you can.

Adobe had its regular update releases through the month but this time they had updates rated "Critical" for Adobe Commerce B2B. One of the CVE's addressed has a CVSS base score of 9.8! So you will want to make sure this gets patched ASAP.

Besides that, it's a fairly standard month. Be sure to browse the chart below and happy patching!

Follow randyfsmith on X

Subscribe to Randy Franklin Smith on Facebook

So, without further ado, here’s the chart of non-Microsoft 3rd party patches that affect Windows platforms in the past month.

Patch data provided by:

Identifier

Vendor/
Product

Affected Versions

Date Released
by Vendor

Vulnerability Info

Vender Severity / Our Recommedation

CVE-2024-20787

Adobe Substance 3D Painter

10.0.1.0 and earlier

10/8/2024

 Memory Leak

Important Priority 3: Update at admins discretion

Multiple CVE's

Adobe Commerce & Open Source

2.4.7-p2 and earlier
2.4.6-p7 and earlier
2.4.5-p9 and earlier
2.4.4-p10 and earlier

10/8/2024

 Arbitrary Code Execution,
Arbitrary File System Read,
Privilege Escalation,
Security Feature Bypass

Critical Priority 2: Update within 30 days

Adobe Commerce B2B

1.4.2-p2 and earlier
1.3.5-p7 and earlier
1.3.4-p9 and earlier
1.3.3-p10 and earlier

Multiple CVE's

Adobe Dimension

4.0.3 and earlier

10/8/2024

 Arbitrary Code Execution

Critical Priority 3: Update at admins discretion

Multiple CVE's

Adobe Animate

2023 23.0.7 and earlier

2024 24.0.4 and earlier

10/8/2024

 Arbitrary Code Execution,
Memory Leak

Critical Priority 3: Update at admins discretion

CVE-2024-45145

Adobe Lightroom

7.4.1 and earlier

Classic 13.5 and earlier

Classic (LTS) 12.5.1 and earlier

10/8/2024

 Memory Leak

Critical Priority 3: Update at admins discretion

CVE-2024-45136

Adobe InCopy

19.5 and earlier

18.5.4 and earlier

10/8/2024

 Arbitrary Code Execution

Critical Priority 3: Update at admins discretion

CVE-2024-45137

Adobe InDesign

19.4 and earlier

18.5.3 and earlier

10/8/2024

 Arbitrary Code Execution

Critical Priority 3: Update at admins discretion

Multiple CVE's

Adobe Substance 3D Stager

3.0.3 and earlier

10/8/2024

 Arbitrary Code Execution

Critical Priority 3: Update at admins discretion

Multiple CVE's

Adobe Framemaker

2020 Release Update 6 and earlier

2022 Release Update 4 and earlier

10/8/2024

 Arbitrary Code Execution

Critical Priority 3: Update at admins discretion

Multiple CVE's

Apple watchOS

Before 11.1

10/28/2024

 Arbitrary Code Execution,
Denial of Service,
Information Disclosure,
Memory Leak,
Out of Bounds,
Security Feature Bypass,
Use After Free		 Update after testing

Multiple CVE's

Apple macOS

Sequoia before 15.1

10/28/2024

 Arbitrary Code Execution,
Denial of Service,
Information Disclosure,
Memory Leak,
Out of Bounds,
Security Feature Bypass,
Unauthorized File Change,
Use After Free		 Update after testing

Multiple CVE's

Apple macOS

Ventura before 13.7.1

10/28/2024

 Arbitrary Code Execution,
Denial of Service,
Heap Corruption,
Information Disclosure,
Memory Leak,
Out of Bounds,
Security Feature Bypass,
Unauthorized File Change		 Update after testing

Multiple CVE's

Apple macOS

Sonoma before 14.7.1

10/28/2024

 Arbitrary Code Execution,
Denial of Service,
Heap Corruption,
Information Disclosure,
Memory Leak,
Out of Bounds,
Security Feature Bypass,
Unauthorized File Change		 Update after testing

Multiple CVE's

Apple iOS

iOS/iPadOS before 18.1

10/28/2024

 Arbitrary Code Execution,
Denial of Service,
Heap Corruption,
Information Disclosure,
Memory Leak,
Out of Bounds,
Security Feature Bypass,
Use After Free		 Update after testing

Multiple CVE's

Apple Safari

Before 18.1

10/29/2024

 Information Disclosure,
Memory Corruption,
Security Feature Bypass		 Update after testing

Multiple CVE's

Google
Chrome

Before 130.0.6723.69 (Linux)

Before 130.0.6723.69/.70 (Windows/Mac)

10/22/2024

 Inappropriate Implementation,
Insufficient Data Validation,
Integer Overflow,
Type Confusion,
Use After Free		 Update after testing

Multiple CVE's

Mozilla Thunderbird

Before 132

10/29/2024

 Arbitrary Code Execution,
Cross Site Scripting,
Denial of Service,
Permission Leak,
Race Condition,
Spoofing,
Use After Free,
User Confusion

Update after testing

Multiple CVE's

Mozilla Firefox

Before 132

10/29/2024

 Arbitrary Code Execution,
Cross Site Scripting,
Denial of Service,
Permission Leak,
Race Condition,
Spoofing,
Use After Free,
User Confusion

Update after testing

Multiple CVE's

Mozilla Firefox ESR

In 128.4

10/29/2024

 Arbitrary Code Execution,
Cross Site Scripting,
Denial of Service,
Permission Leak,
Spoofing,
Use After Free,
User Confusion

Update after testing

Multiple CVE's

Mozilla Focus for iOS

Before 132

10/28/2024

 Security Feature Bypass

Update after testing

Multiple CVE's

Mozilla Firefox for iOS

Before 131.2

10/15/2024

 User Confusion

Update after testing

CVE-2024-45425

Zoom Apps

Meeting SDK for Windows/macOS/iOS/Linux/Android before 6.1.0

Workplace VDI Client for Windows before 6.1.10 (Except 5.17.15 and 6.0.12)

Workplace App for Windows/macOS/ Linux/iOS/Android before 6.1.0

Rooms App for Windows/iOS before 6.1.0

Rooms Controller for Windows/macOS/Linux/Android/iOS before 6.1.0

10/8/2024

 Information Disclosure

Update after testing

CVE-2024-45426

Zoom Apps

Meeting SDK for Windows/iOS/Linuxd before 6.1.0

Workplace VDI Client for Windows before 6.1.10 (Except 5.17.15 and 6.0.12)

Workplace App for Windows/ Linux/iOS before 6.1.0

Meeting SDK for Windows/iOS/Android/macOS/Linux before 6.1.0

Rooms App for Windows/iOS before 6.1.0

Rooms Controller for Windows/Linux/iOS before 6.1.0

10/8/2024

 Information Disclosure

Update after testing

Thanks as always for reading and best wishes on security,

Randy Franklin Smith

Follow randyfsmith on Twitter Subscribe to Randy Franklin Smith on Facebook

Click here to unsubscribe

Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, All rights reserved. You may forward this email in its entirety but all other rights reserved.

9450 SW Gemini Drive #53822, Beaverton, OR 97008

Note: We do our best to provide quality information and expert commentary but use all information at your own risk.