Patch Tuesday September 2019 updates from ManageEngine
Good day. Quick update on the September 2019 Patch Tuesday. New Security Bulletins : 2019-09 Security Update for Adobe Flash Player for Windows (KB4516115) 2019-09 Security Only Quality Update for Windows Server 2008 (KB4516051) 2019-09 Security Only Quality Update for Windows 7 and Windows Server 2008 R2 (KB4516033) 2019-09 Security Only Quality Update for Windows Server 2012 (KB4516062) 2019-09 Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2 (KB4516064) 2019-09 Cumulative
Patch Tuesday August 2019 updates from ManageEngine
Good day. Quick update on the August 2019 Patch Tuesday. New Security Bulletins : 2019-08 Security Only Quality Update for Windows Server 2008 (KB4512491) 2019-08 Security Only Quality Update for Windows 7 and Windows Server 2008 R2 (KB4512486) 2019-08 Security Only Quality Update for Windows Server 2012 (KB4512482) 2019-08 Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2 (KB4512489) 2019-08 Cumulative Update for Windows 10 Version 1809 and Windows Server 2019 (KB4511553) 2019-08
July 2019 Patch Tuesday updates
New Security Bulletins : 2019-07 Security Only Quality Update for Windows Server 2008 (KB4507461) (CVE-2019-1132) 2019-07 Security Only Quality Update for Windows 7 and Windows Server 2008 R2 (KB4507456) (CVE-2019-1132) 2019-07 Security Only Quality Update for Windows Server 2012 (KB4507464) (CVE-2019-0880) 2019-07 Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2 (KB4507457) (CVE-2019-0880) 2019-07 Cumulative Update for Windows 10 Version 1803 and Windows Server 2016 (1803)
Mozilla fixed Zero-day vulnerabilities in Firefox
Mozilla addressed two zero-day vulnerabilities in Mozilla Firefox that were being used in targeted attacks in the wild. CVE-2019-11707 is a type confusion vulnerability in Mozilla Firefox that can result in an exploitable crash. CVE-2019-11708 is a sandbox escape vulnerability. Combining both CVE-2019-11708 and CVE-2019-11707, attackers can perform arbitrary code execution. Thunderbird is also affected but generally cannot be exploited since scripting is disabled when reading mail. Following this,
Microsoft Patch Tuesday updates for June 2019
New Security Bulletins : 2019-06 Security Update for Adobe Flash Player for Windows (KB4503308) 2019-06 Security Only Quality Update for Windows Server 2008 (KB4503287) 2019-06 Security Only Quality Update for Windows 7 and Windows Server 2008 R2 (KB4503269) 2019-06 Security Only Quality Update for Windows Server 2012 (KB4503263) 2019-06 Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2 (KB4503290) 2019-06 Cumulative Update for Windows 10 Version 1607 and Windows Server 2016
Microsoft releases a fix for the Wormable vulnerability (CVE-2019-0708)
Microsoft released this month's edition of Patch Tuesday with a fix for a highly critical vulnerability. This vulnerability (CVE-2019-0708), dubbed the "Wormable vulnerability", resides in the "Remote Desktop Services" component and could be exploited remotely by sending specially crafted requests over RDP (Remote Desktop Protocol) to a targeted system. This vulnerability is present in Windows 7, Windows Server 2008 R2, Windows Server 2008 and in older versions like Windows XP and Windows 2003 as well.
Critical bug fixes in Google Chrome 74.0.3729.108
The Chrome team has rolled out the latest version, Chrome 74.0.3729.108, with a huge list of bug fixes and improvements. This update comes with nearly 39 security fixes. Below is the list of CVE IDs that are mentioned as 'Critical': CVE-2019-5805 CVE-2019-5806 CVE-2019-5807 CVE-2019-5808 CVE-2019-5809 CVE-2019-5810 CVE-2019-5811 CVE-2019-5812 CVE-2019-5813 CVE-2019-5814 CVE-2019-5815 CVE-2019-5816 CVE-2019-5817 CVE-2019-5818 CVE-2019-5819 CVE-2019-5820 CVE-2019-5821 CVE-2019-5822 CVE-2019-5823 To patch
Remote code execution vulnerability found in Apache Tomcat for Windows
Almost all the major versions (Apache Tomcat 7.x, Apache Tomcat 8.x and Apache Tomcat 9.x) of the widely used server application Apache Tomcat are affected by a remote code execution vulnerability (CVE-2019-0232). A remote code execution vulnerability is a critical vulnerability that allows an attacker to access your system and make changes, no matter where they are. This vulnerability is fixed in the latest update for each Apache Tomcat release. Therefore, it is imperative that you detect
Apache 2.4.39 to fix important web server vulnerabilities
CVE-2019-0211, a privilege escalation vulnerability affecting Apache versions 2.4.17 to 2.4.38, could allow any under-privileged user to execute arbitrary code on the targeted server with root privileges. This vulnerability, along with three low and two other important severity issues, is addressed in the latest Apache httpd 2.4.39 version. With Vulnerability Manager Plus, you can detect these vulnerabilities and the servers in your network that are affected by them. It is advisable
Google Chrome is affected by zero day vulnerabilities
Zero day vulnerabilities have been disclosed for different versions of Chrome. Vulnerability: Type confusion vulnerability in JSPromise::TriggerPromiseReactions; affected versions: Google Chrome 72.0.3626.96 (Official Build) (64-bit), Google Chrome 74.0.3702.0 (Official Build) dev (64-bit). Vulnerability: Type confusion vulnerability in V8TrustedTypePolicyOptions::ToImpl; affected versions: Google Chrome 72.0.3626.81 (Official Build) (64-bit). Vulnerability: Internal object leak vulnerability in ReadableStream; affected versions: Not known. To know which systems
Microsoft warns BSOD on devices after enabling EUDC
Microsoft has warned that if per-font end-user-defined characters (EUDC) are enabled, the system will stop working and a blue screen will appear at startup. This can be avoided if you don't install the following updates: KB4489894, KB4489890, KB4489888 and KB4489889. Vulnerability Manager Plus has suspended these updates. Users who already have these updates on their endpoints should kindly follow the steps given in Microsoft's official KB article. https://support.microsoft.com/en-in/help/4496149
Critical updates released for Mozilla Thunderbird, iCloud, and iTunes
Apple and Mozilla have released critical updates in their products — iCloud 7.11.0.19, iTunes 12.9.4.102 and Thunderbird 60.6.1 respectively. Vulnerability Manager Plus now supports patching for these updates. Below are the CVE IDs of the vulnerabilities that are addressed in the latest update for each application. Application: iCloud (7.11.0.19) CVE IDs addressed: CVE-2019-8542,CVE-2019-6232,CVE-2019-8506,CVE-2019-8535,CVE-2019-6201,CVE-2019-8518,CVE-2019-8523,CVE-2019-8524,CVE-2019-8558,CVE-2019-8559,CVE-2019-8563,CVE-2019-8515,CVE-2019-8536,CVE-2019-8544,CVE-2019-7285,CVE-2019-8556,CVE-2019-8503,CVE-2019-7292,CVE-2019-8551,CVE-2019-6236.
Critical security updates released for Firefox 66.0.1
Mozilla has released updates to address two critical vulnerabilities in Firefox 66.0.1 and Firefox 66.6.1 ESR (Extended Support Release). The fixes for these vulnerabilities, CVE-2019-9810 and CVE-2019-9813, address incorrect handling of files in IonMonkey (Mozilla's JIT compiler for SpiderMonkey). Vulnerability Manager Plus now supports these critical Mozilla updates. To patch your Mozilla Firefox with these latest critical updates, look for Patch IDs 309305, 309306, 309307 and 309309.
Chrome 73 to patch a huge list of critical vulnerabilities
Google Chrome has rolled out Chrome 73 for Windows, Mac and Linux. Around 60 security fixes are included in the Chrome 73.0.3683.75 update. Below is a highlighted list of fixes that address critical vulnerabilities: Workaround: Search for the following patch IDs: 309179 (for 32-bit), 309181 (for 64-bit) in Vulnerability Manager Plus and deploy them immediately to stay secure against the above-mentioned vulnerabilities.
Launching Vulnerability Manager Plus: Hunt down security loopholes with 100% precision
Amp up your endpoint security game with ManageEngine's all-new Vulnerability Manager Plus. Pinpoint, prioritize, and eliminate vulnerabilities with ease. With Vulnerability Manager Plus' 360-degree visibility, you can eliminate blind spots, uncover exposed areas of your network, and seal security loopholes before they lead to a breach. Vulnerability Manager Plus delivers the threat intelligence necessary to predict real risks from a plethora of vulnerabilities, and acts as a strategic partner in
Announcements
Misconfigurations with Associated CVEs
Some misconfigurations have associated CVEs. Previously, these CVEs were only mentioned in the misconfiguration description and were not displayed in the Vulnerabilities view or the Detected CVEs view. Enhancement We have enhanced the detection logic
Zero day alert: CVE-2026-45585
CVE-2026-45585 is a Windows security feature bypass zero-day vulnerability, publicly known as "YellowKey", that targets the protections provided by Microsoft BitLocker full-disk encryption. This vulnerability can allow an attacker with physical access
Zero day Alert: Microsoft Defender Vulnerabilities (Actively Exploited)
Microsoft has disclosed two actively exploited zero-days affecting Microsoft Defender, including a privilege escalation flaw and a denial-of-service issue. The vulnerabilities have been patched in updated Defender Antimalware Platform releases, and organizations
Google patches multiple critical vulnerabilities in Chrome 147.0.7727.137/138 Stable Channel update
Hello everyone, Chrome Stable Channel has been updated to 147.0.7727.137/138 for Windows and Mac, and 147.0.7727.137 for Linux. This update comes with 30 security fixes, including multiple Critical severity vulnerabilities. The details of the critical
ManageEngine Security Compliance Benchmarks
Built and continuously curated by the dedicated security research team at ManageEngine, ManageEngine Security Benchmarks provide industry-aligned security hardening recommendations for operating systems, applications, browsers, and enterprise technologies.