Cyber Defense eMagazine May 2019
Cyber Defense eMagazine May Edition for 2019 #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky a world-renowned cybersecurity expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group
Cyber Defense eMagazine May Edition for 2019 #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky a world-renowned cybersecurity expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Reflecting on April Patch Tuesday<br />
Updates This Month from Microsoft, Adobe, Wireshark, Oracle and Opera<br />
By Chris Goettl, Director of Product Management, Security, Ivanti<br />
Ever wonder why there are so many updates in April? I figure it is fate giving me an overwhelming number<br />
of updates so I can abuse the old adage about April showers bringing <strong>May</strong> flowers, but what do April<br />
patches bring us in <strong>May</strong>? Hmm… it will come to me.<br />
While I noodle over that, let’s dig into the lineup for April because it is CRAZY!!!<br />
We got updates from Microsoft, Adobe, Wireshark, Oracle (dropping on April 16), and Opera. We also<br />
have a boat-load of end-of-life notices, which raise a number of security concerns that are very timely to<br />
discuss, given the recent Arizona Tea ransomware attack that brought the company to a grinding halt.<br />
Microsoft has released 15 updates resolving 74 unique CVEs this month. These updates affect the<br />
Windows OS, Internet Explorer and Edge browsers, Office, SharePoint and Exchange. Two of the<br />
vulnerabilities (CVE-<strong>2019</strong>-0803 and CVE-<strong>2019</strong>-0859) resolved in the Windows OS are being used in<br />
exploits in the wild. These are Win32k elevation-of-privilege vulnerabilities that could allow a locally<br />
authenticated attacker to run arbitrary code in kernel mode.<br />
Adobe has released seven total updates resolving 43 unique CVEs. Adobe Reader, Acrobat, AIR, Flash,<br />
and Shockwave are the most concerning here. You can get updates for Reader, Acrobat, AIR, and Flash,<br />
but Shockwave has reached its end-of-life so no update is available for its seven critical vulnerabilities.<br />
Immediate action: remove Shockwave from your environment! Its seven vulnerabilities are going to<br />
leave the majority of Shockwave installs exposed. You can bet an exploit is imminent there.<br />
Wireshark released three updates resolving 10 CVEs. Wireshark is one of those overlooked IT tools that<br />
can pose a significant risk to your environment. Ensure it gets updated or removed where it is no longer<br />
needed.<br />
50