May 2019 Patch Tuesday updates from ManageEngine
Hello peeps, Good day. Quick update on the May 2019 Patch Tuesday updates. New Security Bulletins : 2019-05 Security Update for Adobe Flash Player for Windows (KB4497932) 2019-05 Security Only Quality Update for Windows Server 2008 (KB4499180) 2019-05 Security Only Quality Update for Windows 7 and Windows Server 2008 R2 (KB4499175) 2019-05 Security Only Quality Update for Windows Server 2012 (KB4499158) 2019-05 Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2 (KB4499165) 2019-05
Microsoft releases a fix for the Wormable vulnerability(CVE-2019-0708)
Microsoft released this month's edition of Patch Tuesday with fix for a highly critical vulnerability. This vulnerability (CVE-2019-0708), dubbed "Wormable vulnerability", resides in "Remote Desktop Services" component and could be exploited remotely by sending specially crafted requests over RDP(Remote Desktop Protocol) to a targeted system. This vulnerability is present in Windows 7, Windows Server 2008 R2, Windows Server 2008 and in older versions like Windows XP and Windows 2003 as well.
Critical bug fixes in Google Chrome 74.0.3729.108
The Chrome team has rolled out the latest version Chrome 74.0.3729.108 with a huge list of bug fixes and improvements. This update comes with nearly 39 security fixes. Below is the list of CVE IDs that are rated 'Critical' CVE-2019-5805 CVE-2019-5806 CVE-2019-5807 CVE-2019-5808 CVE-2019-5809 CVE-2019-5810 CVE-2019-5811 CVE-2019-5812 CVE-2019-5813 CVE-2019-5814 CVE-2019-5815 CVE-2019-5816 CVE-2019-5817 CVE-2019-5818 CVE-2019-5819 CVE-2019-5820 CVE-2019-5821 CVE-2019-5822 CVE-2019-5823 To patch
Adobe discontinues its support for Adobe Shockwave
Adobe has announced that Adobe Shockwave will not be supported anymore. Effecitve from April 9, 2019 Adobe Shockwave for Windows will no longer be available for download. But Adobe added that "Companies with existing Enterprise licenses for Adobe Shockwave continue to receive support until the end of their current contracts" Please note that Adobe has discontinued Adobe Shockwave for macOS on March 1, 2017. So, even if you have Adobe Shockwave installed in your environment, Patch Manager Plus
Issue in booting up the machines after installing Windows updates.
Computers fail to boot after installing the following Windows updates: KB4493467, KB4493446, KB4493448, KB4493472, KB4493450, KB4493451 Note: This issue will occur for systems having Sophos Endpoint Security Installed. Reference: https://community.sophos.com/kb/en-us/133945 Patch Manager Plus has marked these updates as 'Partially Superseded' and they won't be listed in the 'Missing Patches'. However, these updates can be viewed and uninstalled from the 'Installed Patches' view. Update 1: To
Patch Manager Plus now supports April 2019 Patch Tuesday updates
Good day. A quick update on the April 2019 Patch Tuesday. New Security Bulletins : 2019-04 Security Update for Adobe Flash Player for Windows (KB4493478) 2019-04 Security Only Quality Update for Windows Server 2008 (KB4493458) 2019-04 Security Only Quality Update for Windows 7 and Windows Server 2008 R2 (KB4493448) 2019-04 Security Only Quality Update for Windows Server 2012 for x64-based Systems (KB4493450) 2019-04 Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2 (KB4493467)
Chrome releases a new stable version 73.0.3683.103
Google has just rolled out a new update for Chrome 73 that comes with some minor bug fixes and performance updates. With this latest update, Chrome will be inching closer to releasing the next big update — Chrome 74. Patch Manager Plus now supports updating your endpoints to the latest version - Chrome 73.0.3683.103. If you're looking to update your Chrome, just look for Bulletin ID - TU-017 and Patch ID - 309433 (32-bit) and 309434 (64-bit)
Microsoft warns BSOD on devices after enabling EUDC
Microsoft has warned that if per font end-user-defined characters (EUDC) is enabled, the system will stop working and a blue screen will appear at startup. But it can be avoided if you don't install the following updates: KB4489894, KB4489890, KB4489888 and KB4489889. Patch Manager Plus has suspended these updates and for users who already have these updates in your endpoints, kindly follow the steps given in the Microsoft's official KB article. https://support.microsoft.com/en-in/help/4496149
Critical updates released for Mozilla Thunderbird, iCloud, and iTunes
Apple and Mozilla have released critical updates in their products — iCloud (7.11.0.19), iTunes (12.9.4.102) and Thunderbird (60.6.1) respectively. Patch Manager Plus now supports the patching of these updates. Below are the possible exploits for each application if they're left unpatched. Application: iCloud (7.11.0.19) Possible Exploit if left unpatched: Elevation of Privilege, Remote Code Execution Application: iTunes (12.9.4.102) Possible Exploit if left unpatched: Elevation of Privilege,
Can someone explain the correct usage of the 'Test and Approve' feature + test groups?
The documentation for 'Test and Approve' is not very clear on the specific implementation of the feature: https://www.manageengine.com/patch-management/help/test-approve-patches.html#test Consider this: - An automated deployment called 'Workstation Patches' that applies patches to all (100) Windows 7 workstations - A group called 'Windows 7 Test Group' that contains (5) Windows workstations targeted by the 'Workstation Patches' deployment - Approval type set to "Test and Approve' I want unapproved
Trouble deploying KB4056894 - March Update
I am attempting to deploy March patches with PatchManager Plus and for some reason all of the Windows 7 computers that I am attempting to deploy KB4056894 to are failing. The Remarks are “Unknown Error. Code : -2145124329”. The help indicates that is a corrept file system but I find it hard to believe that all my Windows 7 computers suddenly have a corrupt file system. Is anyone else experiencing this?
Critical security updates released for Firefox 66.0.1
Mozilla has released updates to address two critical vulnerabilities in Firefox 66.0.1 and Firefox 66.6.1 ESR (Extended Support Release). These vulnerabilities, that are addressed in CVE-2019-9810 and CVE-2019-9813, come as fixes for incorrect handling of files in IonMonkey (Mozilla's JIT compiler for SpiderMonkey). Patch Manager Plus now supports these critical Mozilla updates. To patch your Mozilla Firefox with these latest critical updates, look for Patch IDs 309305,309306,309307 and 309309.
Google Chrome releases stable version 73.0.3683.86
Google Chrome has updated the stable channel to 73.0.3683.86. This version comes with a bevy of features like the built-in dark mode, tab grouping, media key support etc. along with several bug fixes. Patch Manager Plus now supports Google Chrome's latest version 73.0.3683.86 for Windows and Mac. If you're looking to update your Chrome to get your hands on the newest features, just look for Bulletin ID - TU-017 and Patch ID - 309264 (32-bit) and 309265 (64-bit) in Patch Manager Plus.
Zero-day bug in Win32k component is being actively exploited
The zero-day vulnerability in Win32k component which was patched with this Month's Patch Tuesday is being actively exploited by attackers. This vulnerability was addressed by Microsoft in CVE-2019-0797 . The vulnerability: This is an Elevation of Privilege vulnerability found in the win32k that fails to handle objects in memory properly. If this zero-day vulnerability is exploited, the attacker could execute arbitrary codes in kernel mode. Solution: To stay secured from this exploit, Patch
Chrome 73 to patch a huge list of critical vulnerabilities
Google Chrome has rolled out Chrome 73 for Windows, Mac and Linux. Around 60 security fixes are included in the Chrome 73.0.3683.75 update. Below is a highlighted list of fixes that address critical vulnerabilities: Workaround: Search for the following patch IDs: 309179 (for 32 bit) ,309181 (for 64) in Patch Manager Plus and deploy them immediately to stay secure against the above mentioned vulnerabilities.
Microsoft Patch Tuesday updates for March 2019
Good day. Quick update on the March 2019 Patch Tuesday. New Security Bulletins : 2019-03 Security Update for Adobe Flash Player for Windows (KB4489907) 2019-03 Security Only Quality Update for Windows Server 2008 (KB4489876) 2019-03 Security Only Quality Update for Windows 7 and Windows Server 2008 R2 (KB4489885) 2019-03 Security Only Quality Update for Windows Server 2012 (KB4489884) 2019-03 Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2 (KB4489883) 2019-03 Cumulative Update
Update your Google Chrome to 72.0.3626.121 ASAP!
The Chrome Security team has released a fix for a highly critical vulnerability in Google Chrome (72.0.3626.121)with CVE-2019-5786 that could allow a remote attacker to execute arbitrary code and take full control of the computers. Please note that this vulnerability is being actively exploited. The Chrome security team reported the issue as a use-after-free vulnerability found in the FileReader component of the Chrome browser. The security team hasn't revealed any technical details of the vulnerability
Launching Vulnerability Manager Plus: Hunt down security loopholes with 100% precision
Amp up your endpoint security game with ManageEngine's all-new Vulnerability Manager Plus. Pinpoint, prioritize, and eliminate vulnerabilities with ease. With Vulnerability Manager Plus' 360-degree visibility, you can eliminate blind spots, uncover exposed areas of your network, and seal security loopholes before they lead to a breach. Vulnerability Manager Plus delivers the threat intelligence necessary to predict real risks from a plethora of vulnerabilities, and acts as a strategic partner in
Microsoft now requires SHA-2 algorithm to patch Windows legacy OS versions
Microsoft has said in an official statement that it will be ruling out the support for SHA-1 algorithm and migrate to SHA-2 hash algorithm for code-signing purpose. Customers running legacy OS versions (Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Server 2008 SP2) will be required to have SHA-2 code signing support installed on their devices by July 2019. Any devices without SHA-2 support will not be offered Windows updates after July 2019. Microsoft will be releasing updates that introduces
Adobe releases an update to fix a bug in their Zero-day patch released a week ago
After the update that was targeted at fixing the zero-day vulnerability, failed to patch it, Adobe has released another patch to fix the critical information disclosure bug in Adobe Acrobat reader. This zero-day vulnerability which was tracked as CVE-2019-7089 was reported by a security researcher on Jan 26 which could lead to disclosure of sensitive information. On Feb 12, Adobe tried resolving this issue by releasing a fix for this zero-day bug. But the security reacher found a by-pass in the
Update to the latest hotfix - logs issue fixed.
Hey all, There was a password printing issue in our logs, which is now fixed. There's no printing of critical data in the logs anymore, we have ensured with thorough testing that the logs are cleared of any passwords. Our customers can upgrade to the latest hotfixes as applicable. Learn about it here: https://www.manageengine.com/products/desktop-central/vulnerability-in-log-files.html Security is our foremost priority, and we strive to upkeep our users' security. Thanks for your understanding and
macOS Mojave 10.14.3 Supplemental Update for FaceTime bug
Apple has rolled out macOS Mojave 10.14.3 supplemental update that fixes the FaceTime bug that let people eavesdrop on unanswered group video calls. Besides, the macOS Mojave 10.14.3 supplemental update addresses another security issue involving Live Photos on FaceTime. Apple didn't disclose any information on that issue yet, but ensured that it's been fixed in the new update. Workaround: You can deploy macOS Mojave 10.14.3 supplemental update to resume using FaceTime without any issues. To deploy
Microsoft addresses Patch Tuesday security updates for January 2019
Hello everyone, Good day! Microsoft has just announced the Patch Tuesday security updates for the month of January 2019. This month's security updates fix various vulnerabilities and flaws in many Microsoft products. This includes, Adobe Flash Player Internet Explorer Microsoft Edge Microsoft Windows Microsoft Office and Microsoft Office Services and Web Apps ChakraCore .NET Framework ASP.NET Microsoft Exchange Server, and Microsoft Visual Studio Patch Manager Plus will support these patches as the
End of Public Updates for Java SE 8 - Commercial Users upgrade your package
Oracle has announced changes to ongoing support for Java SE 8 (Standard Edition). This forum describes how Patch Manager Plus will continue its support for Java SE 8 in January 2019 and beyond. More on this: Oracle recently announced changes to support for Public Updates for Java SE 8 In January 2019 Oracle will require those who wish to continue support for Java 8 SE to subscribe to the new Java SE Subscription offering to continue to receive Java SE 8 updates. This subscription covers all Java
KB4480960 and KB4480970 causing issues with network shares
Security updates KB4480960 and KB4480970 for Windows 7 SP1 and Windows Server 2008 R2 SP1 released on January 8, 2019 (January's Patch Tuesday) cause network shares to be inaccessible under certain circumstances: The issue is triggered only if the user attempting to make the connection is an administrator on the machine that hosts the Share. If the user is a non-administrative user on the device that hosts the share, the connection works fine. Workaround: If you are facing this issue, follow the
CVE-2018-19725 - Adobe releases critical patches to address major vulnerabilities:
Adobe has released critical security updates for Adobe Acrobat and Adobe Reader for Windows and Mac OSs. These updates addresses two critical vulnerabilities: Arbitrary Code Execution and Privilege Escalation. Affected Adobe versions which requires an update: Acrobat DC - 2019.010.20064 and earlier versions Acrobat Reader DC - 2019.010.20064 and earlier versions Acrobat 2017 - 2017.011.30110 and earlier version Acrobat Reader 2017 - 2017.011.30110 and earlier version Acrobat DC - 2015.006.30461 and
Patch Manager Plus cloud is now extra secure with TLS 1.2
Hey everyone, To strengthen the security of our cloud servers and protect customer data, we are enforcing TLS 1.2 across our services. After the upgrade, legacy machines, like Windows 2008 Server, without TLS 1.2 support will not be able to make contact with the Patch Manager Plus server. Make sure you upgrade your legacy machines to the latest TLS version or migrate the machines to more secure Operating system versions. Please upgrade the machines before mid of January 2019. If there are no legacy
CVE-2018-8653 | Severe Security Vulnerability fixes available
A severe vulnerability has been discovered by Microsoft: A remote code execution vulnerability corrupts memory in such a way that an attacker could successfully exploit the vulnerability and gain the user rights same as the current user. The Research team of Microsoft has released Cumulative updates CVE # 2018-8653, which needs to be deployed immediately. Cumulative and Delta Updates are also released on Patch Tuesday. This time, in the month of December they have released Cumulative and Delta updates:
SQLite "Magellan" bug affects Chrome: Update Chrome to version 71.0.3578.80
A highly critical remote code execution vulnerability has been discovered in SQLite, an underlying database engine embedded into the Chrome browser. This vulnerability has not yet received a CVE identification number. As of now, the SQLite vulnerability has been widely referred by the codename "Magellan". Google acknowledged the bug in its browser's underlying database and has issued a fix in it's latest versions for Chrome starting from Chrome 71.0.3578.80, generally referred as Chrome 71. This
Microsoft Patch Tuesday December 2018
Good day. Quick update on the December 2018 Patch Tuesday. New Security Bulletins : 2018-12 Security Update for Adobe Flash Player for Windows (KB4471331) 2018-12 Security Only Quality Update for Windows Server 2008 (KB4471319) 2018-12 Security Only Quality Update for Windows 7 and Windows Server 2008 R2 (KB4471328) 2018-12 Security Only Quality Update for Windows 8.1 (KB4471322) 2018-12 Security Only Quality Update for Windows Server 2012 and Windows Server 2012 R2 (KB4471326) 2018-12 Delta Update
Share your thoughts about Patch Manager Plus and earn a gift card!
Dear folks, Thanks for your continued support of Patch Manager Plus. We would like to hear how we are faring. You can review us on IT Central Station here: https://www.itcentralstation.com/lp/vendor_invite?product_id=manageengine-patch-manager-plus Also, you can review us on Capterra: http://ca.gartnerdigitalmarkets.com/Patch-Manager-Plus-179288-SS-01_Write_a_Review.html What more, you will be entitled for a gift coupon worth $10 upon reviewing us on Capterra! Keep your reviews coming, your reviews
Microsoft pulls back a couple of MS Office patches after it's found to cause app crashes on start-up
Microsoft has rolled back two of its non-security Office patches- KB 4461522 and KB 2863821 that triggers entry point crashes in various Office 2010 products. These non-security updates were released earlier this month to comply with the changes coming in the Japanese calendar next month. In an update on the KB pages, Microsoft acknowledged that the updates were pulled due to the crashes in some applications and has also given a workaround. "After you install this update, you may experience
Microsoft Patch Tuesday November 2018: Everything you need to know
Microsoft has announced its Patch Tuesday updates for November, which contains patches for 64 vulnerabilities, 12 of which are rated critical. it also has patched ALPC along with a couple of publicly disclosed vulnerabilities. Here are the complete details: New Security Bulletins : 2018-11 Security Update for Adobe Flash Player for Windows (KB4467694) 2018-11 Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2 (KB4467703) 2018-11 Security Only Quality Update for Windows Server
Join us for an Endpoint Security seminar this November!
2018 is coming to an end but the fight against this year's cyberthreats is far from over. ManageEngine brings you an Endpoint Security and Management seminar where you'll have a chance to work with product experts on formulating a plan to protect your endpoints from different malware, including ransomware. Join us at any of our one-day complimentary seminars in Mumbai and Bangalore and show these threats who's boss! Register now to save your spot! What's in it for you? Discover the top cybersecurity
HP machines may experience a blue screen error WDF_VIOLATION after installing HP keyboard driver (version 11.0.3.1)
Problem: There exists a known incompatibility issue with certain HP machines running on Windows 10 version 1803 and up, when installing the HP keyboard driver version 11.0.3.1 2, either manually or through Windows updates. This may result in a blue screen error: WDF_VIOLATION, after installation. Solution: Scenario 1 You have installed the driver and a restart is pending If you have installed the HP keyboard driver (version 11.0.3.1), and you are pending a restart, do not restart your machine. Microsoft
Product Roadmap.
Is there documentation anywhere outlining what is coming up in the future releases and what the new features are and when they will be available?
detailed workflow?
i have reviewed the online documents regarding the workflow: https://www.manageengine.com/patch-management/help/patch-management-workflow.html but i am looking for something more detailed. are there other documents that contain more detailed information regarding the entire workflow of the product, including the patch syncing up process from Microsoft to manage engine, then the DB syncs to the on-premises Patch Manager Server to the deployment to the test groups, syncing up with the distribution
Tracking changes in the Admin console?
the 'Wake on LAN' feature was enabled on the Admin console which caused many of our systems to briefly lose network connectivity. the action log viewer was checked but nothing was in there indicating who / what / when this was done. is there anything else i can check to see who might have been logged in to our console and made this change?
Patching Suse-based servers and desktops
ManageEngine's Patch Manager Plus is soon to offer patching support for SuSE flavour of Linux. This enables administrators to manage all security patches that are released by the SuSE Linux, for subscribed SuSE Linux servers and desktops. It allows you to identify missing SuSE package updates, install them and audit too. Patch Manager Plus helps you come one step closer to maintaining a high level of security across Linux endpoints.
What does October 2018 Patch Tuesday updates have in store for tech pros?
Microsoft has released comparatively less number of updates this month for the Patch Tuesday. Here are the complete details: New Security Bulletins : 2018-10 Security Only Quality Update for Windows Server 2008 (KB4463104) 2018-10 Security Only Quality Update for Windows 7 and Windows Server 2008 R2 (KB4462915) 2018-10 Security Only Quality Update for Windows Server 2012 (KB4462931) 2018-10 Security Only Quality Update for Windows 8.1 and Windows Server 2012 (KB4462941) 2018-10 Cumulative Update
Next Page