Chrome stable channel update fixes 20 security vulnerabilities
Hello everyone, Chrome 85 has been promoted to the stable channel 85.0.4183.83 for Windows, macOS, and Linux. This update comes with fixes for 20 security vulnerabilities, the details of which are given below: CVE ID Vulnerability details Severity CVE-2020-6558 Insufficient policy enforcement in iOS High CVE-2020-6559 Use after free in presentation API High CVE-2020-6560 Insufficient policy enforcement in autofill Medium CVE-2020-6561 Inappropriate implementation in Content
Security updates released for Firefox 80, ESR 68.12, and ESR 78.2
Hello everyone, Mozilla has released security updates for Firefox 80, Firefox ESR 68.12, and Firefox ESR 78.2. Most of the vulnerabilities fixed are of high severity. The details of the vulnerabilities fixed are as follows: CVE ID Vulnerability details Severity CVE-2020-15663 Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege High CVE-2020-15664 Attacker-induced prompt for extension installation High CVE-2020-12401 Timing-attack
Out-of-band updates released for Windows 8.1 and Windows Server 2012 R2
Hello everyone, Microsoft on August 19, released an emergency out-of-band update for two privilege escalation vulnerabilities disclosed in Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 systems. The vulnerabilities are tracked as CVE-2020-1530 and CVE-2020-1537. Both of these vulnerabilities exist in Windows Remote Access Service (RAS) and when exploited, grant elevated privileges to remote attackers. A patch for both vulnerabilities for Windows 10, Windows 7, and Windows Server 2008,
Patch update delayed since application is used by another process
Is there anyway to automatically add computers with patches that cannot install due to the fact that the user has them in use to be added to the automated restart schedule that takes place for updates that require a restart. I find in some scenarios computers might have 10 or so updates wanting to install, however the update its trying to install wont install as the user has it open so it will constanly retry to the count i have set before it fails and then continues to install the others. Is there
August Patch Tuesday - Non-security and Third party updates
Hello everyone, Below is the list of the supported Non-security and Third party updates from August Patch Tuesday NON-SECURITY UPDATES : Update for Microsoft Office 2016 (KB4484418) Update for Microsoft Project 2016 (KB4484477) Update for Skype for Business 2016 (KB4484464) Update for Microsoft Office 2010 (KB4484454) Update for Microsoft PowerPoint 2010 (KB4092435) NON-SECURITY SQL SERVER UPDATES : Cumulative Update Package 6 for SQL Server 2019 - KB4563110 Cumulative Update Package 14 for SQL
August Patch Tuesday security updates
Hello everyone, Below is the list of the security updates supported from August Patch Tuesday New Windows Security Updates : 2020-08 Security Only Quality Update for Windows 8.1 (KB4571723) (CVE-2020-1464) 2020-08 Security Only Quality Update for Windows Server 2012 R2 (KB4571723) (CVE-2020-1464) 2020-08 Security Only Quality Update for Windows Server 2012 (KB4571702) (CVE-2020-1464) 2020-08 Security Monthly Quality Rollup for Windows 8.1 (KB4571703) (CVE-2020-1464) (CVE-2020-1380) 2020-08 Security
Security fixes released for Adobe Acrobat and Reader
Hello everyone, Adobe has released security updates for Acrobat and Reader for Windows and macOS. Most of the updates are rated 'critical' and 'important'. Successful exploitation of these vulnerabilities could lead to arbitrary code execution in the context of the current user. The affected versions are as follows: Acrobat DC Continuous - 2020.009.20074 and earlier versions Acrobat Reader DC Continuous - 2020.009.20074 and earlier versions Acrobat 2017 Classic 2017 - 2017.011.30171 and earlier versions
Chrome stable channel update 84.0.4147.125 fixes several security vulnerabilities
Hello everyone, Google has updated its stable channel for Chrome to 84.0.4147.125 for Windows, macOS, and Linux. This update comes with 15 security fixes. The vulnerabilities addressed are as follows: CVE ID Vulnerability Severity CVE-2020-6542 Use after free in ANGLE High CVE-2020-6543 Use after free in task scheduling High CVE-2020-6544 Use after free in media High CVE-2020-6545 Use after free in audio High CVE-2020-6546 Inappropriate implementation in installer
API access to view remarks
In the on premise version of Desktop Central when waiting for a configuration to deploy of missing patches for a computer you can view remarks for it which tells you the estimated time they will deploy. Is there any way to see that using the API? Also is there any way to actually have Desktop Central deploy immediately insead of sometimes having to wait for an hour even though the patches are downloaded and ready to install?
Security updates released for Firefox 79 and Firefox ESR 68.11
Hello everyone, Mozilla has fixed several security vulnerabilities in Firefox 79 and Firefox ESR 68.11. The details of the vulnerabilities are as follows: CVE ID Vulnerability Severity CVE-2020-15652 Potential leak of redirect targets when loading scripts in a worker High CVE-2020-6514 WebRTC data channel leaks internal address to peer High CVE-2020-15655 Extension APIs could be used to bypass Same-Origin Policy High CVE-2020-15653 Bypassing iframe sandbox when allowing
Chrome updated to stable channel 84.0.4147.105
Hello everyone, Google Chrome has been updated to stable channel 84.0.4147.105 for Windows, macOS, and Linux. This update fixes several security vulnerabilities, the details of the same are presented below: CVE ID Vulnerability Severity CVE-2020-6537 Type Confusion in V8 High CVE-2020-6538 Inappropriate implementation in WebView High CVE-2020-6532 Use after free in SCTP High CVE-2020-6539 Use after free in CSS High CVE-2020-6540 Heap buffer overflow in Skia High
Issue with PMP since custom patch
I have been having an issue getting a problem resolved that I've had since I requested a product enhancement to PMP. Our Company had a need for an enhancement that we reached out to ME about, and they seemed super happy to develop it. When they gave me the enhancement, I installed it, but it didn't seem to work all the way. I reahced out to them, and they remoted in and did some work on it that, on the outset, seemed to get the functionality going. Unfortunately, it appears to have broken my patch
Security updates for Microsoft Edge (Chromium - based)
Hello everyone, Security updates for Microsoft Edge (Chromium-based) has been released to fix several vulnerabilities. The details of the vulnerabilities addressed are as follows: CVE-ID Vulnerability details Severity CVE-2020-6510 Heap buffer overflow in background fetch Critical CVE-2020-6511 Side-channel information leakage in content security policy High CVE-2020-6512 Type Confusion in V8 High CVE-2020-6513 Heap buffer overflow in PDFium High CVE-2020-6514
Critical remote code execution vulnerability in Windows DNS server (CVE-2020-1350)
Hello there, Patch Tuesday July 2020 comes with a fix for the critical vulnerability CVE-2020-1350 in Windows DNS Server. This vulnerability is classified 'wormable' and has been given a CVSS score of 10. Cause of this vulnerability: This vulnerability exists due to the improper handling of requests by Windows Domain Name System (DNS) Servers. Impact of this vulnerability: To exploit this vulnerability, an unauthenticated attacker should send malicious requests to a Windows DNS server.
Patch Tuesday July 2020 - Supported updates
Hello everyone, Below is breakdown of all the updates released this Patch Tuesday. New Security Bulletins : 2020-07 Servicing Stack Update for Windows 10 Version 1809 and Windows Server 2019 (KB4558997) 2020-07 Servicing Stack Update for Windows 10 Version 1803 (KB4565552) 2020-07 Servicing Stack Update for Windows 10 Version 1709 (KB4565553) 2020-07 Servicing Stack Update for Windows 10 Version 1903 and Windows Server, version 1903 (KB4565554) 2020-07 Servicing Stack Update for Windows 10 Version
Google stable channel updated to 84.0.4147.89
Hello everyone, Chrome 84 has been updated to stable channel 84.0.4147.89 for Windows, Mac, and Linux. Various security issues have been fixed with this release, the details of which are as follows: CVE-ID Vulnerability details Severity CVE-2020-6510 Heap buffer overflow in background fetch Critical CVE-2020-6511 Side-channel information leakage in content security policy High CVE-2020-6512 Type Confusion in V8 High CVE-2020-6513 Heap buffer overflow in PDFium High
Google releases chrome stable channel update 83.0.4103.116
Hello everyone, Google has updated its chrome stable channel to 83.0.4103.116 for Windows, Mac, and Linux. This following high severity vulnerability has been fixed in this release. CVE-2020-6509: Use-after-free in extensions To patch this vulnerability using Patch Manager Plus, initiate a sync between the Patch Database and Patch Manager Plus server. Once this is done, search for the following Patch IDs or Bulletin ID and install them in target systems. Patch ID Bulletin ID Patch Description
Chrome stable channel update fixes 3 vulnerabilities
Hello folks, Google has updated its chrome stable channel to 83.0.4103.106 for Windows, Mac, and Linux. This update comes with fixes for three vulnerabilities. The details of these vulnerabilities are as follows: CVE ID Vulnerability Severity CVE-2020-6505 Use after free in speech High CVE-2020-6506 Insufficient policy enforcement in WebView High CVE-2020-6507 Out of bounds write in V8 High To install this update using Patch Manager Plus, initiate a sync between the Patch Database and Patch
Windows SMB protocol hit again by a new critical vulnerability - SMBleed
Hello everyone, A mere three months after patching a wormable SMBv3 vulnerability dubbed SMBGhost (CVE-2020-0796), cybersecurity researchers have identified another similar vulnerability in Windows SMB protocol. This vulnerability is called SMBleed (CVE-2020-1206) and has a severity rating score of 10. What is SMBleed? SMBleed is a new critical wormable vulnerability found in the Windows Server Message Block (SMB) protocol. This vulnerability allows attackers to leak kernel memory remotely. SMBleed
Patch Tuesday June 2020 - Supported updates
Hello everyone, This month, we are witnessing the largest ever Patch Tuesday with 129 security fixes. Here is the list of supported updates New Security Bulletins : 2020-06 Security Update for Adobe Flash Player for Windows (KB4561600) 2020-06 Security Only Quality Update for Windows Server 2008 (KB4561645) (ESU) 2020-06 Security Only Quality Update for Windows 7 and Windows Server 2008 R2 (KB4561669) (ESU) 2020-06 Security Only Quality Update for Windows Server 2012 (KB4561674) 2020-06 Security
Chrome releases security updates to fix critical vulnerabilities
Hello everyone, Chrome has updated its stable channel to 83.0.4103.97 for Windows, Mac, and Linux. This update comes with security fixes for several vulnerabilities. The details of the vulnerabilities are as follows: CVE ID Vulnerabilities Severity CVE-2020-6493 Use after free in WebAuthentication High CVE-2020-6494 Incorrect security UI in payments High CVE-2020-6495 Insufficient policy enforcement in developer tools High CVE-2020-6496 Use after free in payments High To patch these vulnerabilities
Mozilla releases security fixes for Firefox 77
Hello everyone, Mozilla has released security fixes for vulnerabilities in Firefox 77. The details of the vulnerabilities fixed are as follows CVE ID Vulnerability Severity CVE-2020-12399 Timing attack on DSA signatures in NSS library High CVE-2020-12405 Use-after-free in SharedWorkerService High CVE-2020-12406 JavaScript type confusion with NativeTypes High CVE-2020-12407 WebRender leaking GPU memory when using border-image CSS directive Moderate CVE-2020-12408 URL spoofing when using IP
Rollout of Windows 10 2004 Feature updates
Hello All, A Quick heads-up, Microsoft has released its Windows 10 2004 feature updates for users. Below you can find a few highlights of this feature update. Fast identity authentication through Windows Hello is now supported across all major browsers. Windows Defender system guard enables a higher level of firmware protection. Setup Diag is automatically installed. Improvements in Windows Powershell cmdlets. Go ahead and read this document to know what the pre-requisites are and how
Introducing support for Driver and BIOS updates in Patch Manager Plus
Hello everyone, We are delighted to announce that you can now update Drivers and BIOS using Patch Manager Plus. With this addition, Patch Manager Plus goes one step further to fulfilling all the patching requirements present in a business environment. You can avail these updates from Patch Manager Plus build version 10.0.545. Driver and BIOS updates are also supported on Patch Manager Plus Cloud. For a complete list of the supported Driver and BIOS updates, refer this document. Cheers, ManageEngine
Chrome 83.0.4103.61 fixes 38 security flaws
Hello everyone, The latest stable version of the web browser ' Google Chrome ', version 83.0.4103.61, aka Chrome 83, is released for Windows, Mac and Linux. This update contains 38 security fixes and packs a number of new features including enhanced privacy controls, new settings for managing cookie files, a new Safety Check option, support for tab groups, new graphics for web form elements, a new API for detecting barcodes, and a new anti-XSS security feature. Here's a quick glance at the list
Adobe releases patches for vulnerabilities in Reader and Acrobat
Hello everyone, In this month's security release, Adobe has fixed security vulnerabilities in Reader and Acrobat for Windows and macOS. If these vulnerabilities are exploited, they could cause remote code execution attacks and information leaks. The details of the vulnerabilities are as follows: CVE-ID Severity Impact CVE-2020-9610 Important Application denial-of-service CVE-2020-9612 Critical Arbitrary Code Execution CVE-2020-9615 Critical Security feature bypass CVE-2020-9597 CVE-2020-9594
May 2020 Patch Tuesday updates
Hello Everyone, Below is breakdown of all the updates released this Patch Tuesday. New Security Bulletins : 2020-05 Security Only Quality Update for Windows Server 2008 (KB4556854) (ESU) 2020-05 Security Only Quality Update for Windows 7 and Windows Server 2008 R2 (KB4556843) (ESU) 2020-05 Security Only Quality Update for Windows Server 2012 (KB4556852) 2020-05 Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2 (KB4556853) 2020-05 Security Monthly Quality Rollup for Windows Server
Chrome fixes critical vulnerabilities - CVE-2020-6831 and CVE-2020-6464
Hello everyone, Google Chrome has updated its stable channel to 81.0.4044.138 for Windows, Mac, and Linux. This update addresses two security vulnerabilities. CVE ID Vulnerability Severity CVE-2020-6831 Stack buffer overflow in SCTP High CVE-2020-6464 Type confusion in Blink High To patch these vulnerabilities, initiate a sync between the Patch Manager Plus server and the Central Patch repository. After the sync, search for the following Patch IDs or Bulletin ID and install them in your target
Mozilla fixes security vulnerabilities in Firefox 76
Hello everyone, Mozilla has released fixes for several security vulnerabilities in Firefox 76. Below are the details of the vulnerabilities fixed. CVE ID Vulnerability Severity CVE-2020-12387 Use-after-free during worker shutdown Critical CVE-2020-12388 Sandbox escape with improperly guarded access tokens Critical CVE-2020-12389 Sandbox escape with improperly separated process types High CVE-2020-12390 Incorrect serialization of nsIPrincipal.origin for IPv6 addresses Moderate CVE-2020-12391
Critical issue while deploying Cisco Webex patch
Hello everyone, The Cisco Webex patch with Patch ID 313977 was released on Apr-28-2020 at 04:40 pm GMT. Regrettably, on installing this patch in certain machines, few of our customers got in touch with us stating a few issues. Following this, the patch was removed from the Patch Manager Plus repository on the morning of Apr-29-2020, for further analysis of the situation. Issue when deploying Cisco Webex patch: Customers who have synced the database and deployed the Cisco Webex patch in the
Chrome fixes critical vulnerabilities in the latest stable channel update
Hello everyone, Google Chrome stable channel has been updated to 81.0.4044.129 for Windows, Mac, and Linux. This update comes with security fixes for two critical vulnerabilities. The details of the vulnerabilities are as follows: CVE-ID Vulnerability Severity CVE-2020-6461 Use after free in storage High CVE-2020-6462 Use after free in task scheduling High To patch these vulnerabilities, initiate a sync between the Patch Manager Plus server and the Central Patch repository. Search for the
Chrome releases stable channel update to address critical vulnerabilities
Hello everyone, Google has updated its Chrome stable channel to 81.0.4044.122 for Windows, Mac, and Linux. This update comes with fixes for three critical vulnerabilities CVE ID Vulnerability Severity CVE-2020-6458 Out of bounds read and write in PDFium High CVE-2020-6459 Use after free in payments High CVE-2020-6460 Insufficient data validation in URL formatting High To patch these vulnerabilities using Patch Manager Plus, initiate a sync between the Patch Manager Plus server and the Central
Google chrome patches critical vulnerability - CVE-2020-6457
Hello folks, Chrome has updated its stable channel to 81.0.4044.113 for Windows, Mac, and Linux systems. This update includes the security fix for the critical vulnerability CVE-2020-6457. This is a use-after free vulnerability in Speech recognizer component in Google Chrome. A remote attacker who exploits this vulnerability can create a specially crafted web page and trick victims into clicking it, triggering the use-after-free error to execute arbitrary codes on the target systems. Initiate
Patch Tuesday April 2020 - updates breakdown
Hello guys, Here is a quick breakdown of the April Patch Tuesday updates New Security Bulletins : 2020-04 Servicing Stack Update for Windows Server 2019 and Windows 10 Version 1809 (KB4549947) 2020-04 Servicing Stack Update for Windows 10 Version 1607 and Windows Server 2016 (KB4550994) 2020-04 Servicing Stack Update for Windows 10 Version 1903 and Windows Server, version 1903 (KB4552152) 2020-04 Servicing Stack Update for Windows 10 Version 1909 and Windows Server, version 1909 (KB4552152) 2020-04
Firefox 75 and Firefox ESR 68.7 fix high severity vulnerabilities
Firefox rolled out the latest stable version Firefox 75.0 and its corresponding ESR version Firefox ESR 68.7 to fix a number of vulnerabilities found in their earlier versions. Here's a list of CVEs fixed and their details: CVE ID Severity Vulnerability Description Fixed in CVE-2020-6828 High Preference overwrite via crafted Intent from malicious Android application Firefox ESR 68.7 CVE-2020-6827 High Custom Tabs in Firefox for Android could have the URI spoofed Firefox ESR 68.7 CVE-2020-6821
Mozilla fixes 2 wildly exploited zero-day vulnerabilities in Firefox
Mozilla has released fixes for 2 zero-day vulnerabilities in Firefox. The fixes are available in the newly released version of the browser, Firefox 74.0.1.The updated version fixes the vulnerabilities CVE-2020-6819 and CVE-2020-6820 Vulnerability and impact Both CVE-2020-6819 and CVE-2020-6820 are use-after-free vulnerabilities and occur due to improper memory space management by Firefox. These bugs when exploited allow the hacker to write codes into Firefox's memory and have it executed in the
Zoom issued fix for an UNC vulnerability that compromises Windows credentials
Zoom patched a fatal flaw in the Zoom Windows client that allows attackers to use its chat feature to share malicious links that once clicked will leak the Windows network credentials of the victim. Such attacks are possible because Zoom for Windows not only converts normal URLs into a clickable link but also Windows networking Universal Naming Convention (UNC) paths. UNC is used to locate a network resource, such as a file hosted on an attacker-controlled SMB (Server Message Block) server. When
Google Chrome releases Stable Channel Update
Hello guys, Google Chrome has updated its stable channel to 80.0.3987.162 for Windows, Mac, and Linux systems. This update also includes 8 security fixes. Below are the fixes that require immediate attention CVE ID Severity Vulnerability CVE-2020-6450 High Use after free in WebAudio CVE-2020-6451 High Use after free in WebAudio CVE-2020-6452 High Heap buffer overflow in media Initiate a sync between the Patch Manager Plus server and the Central Vulnerability database and search
All Windows versions compromised due to critical Zero-day vulnerabilities
Hello folks, Two critical zero-day vulnerabilities have been discovered in Windows Adobe Type Manager Library. Both these vulnerabilities are unpatched and allows attackers to take remote control of the systems affected (Remote Code Execution vulnerability). As of now, the attacks are not widespread and only limited targeted systems are hit. Versions affected All versions of the Windows Operating system is susceptible to attacks including Windows version 10, 8.1, 7, and Server 2008, 2012, 2016,
Patch Manager and Office365 Channel Updates
We are currently researching why some endpoints are missing patches to Office products despite PM telling us that there are no patches left to deploy. Is there something different we need to do with Patch Manager as we use Office365 ProPlus which use Channel Updates. Will PM collect from Channel Updates?
Next Page