Microsoft December updates
Microsoft has released updates to mitigate several vulnerabilities within its systems that allow an attacker to access personal information. The list of affected products are as follows:
- Adobe Flash Player
- Internet Explorer
- Microsoft Edge
- Microsoft Windows
- Microsoft Office and Microsoft Office Services and Web Apps
- .NET Framework
- Microsoft Dynamics NAV
- Microsoft Exchange Server
- Microsoft Visual Studio
- Windows Azure Pack (WAP)
If you do not have your systems managed by getNEXT, please ensure that you review the Microsoft Update Catalog or run Windows Update. getNEXT serviced endpoints will require a restart before patching is in effect.
Adobe Acrobat and Reader Patches
Adobe has released patches that help prevent a malicious entity from taking control of an affected system. This applies to Windows and Mac operating systems with products dating back to 2015. Vulnerabilities are considered critical, and updates should be installed as soon as reasonably possible.
Correctly configured systems will receive this update automatically. If you’re unsure, apply the update manually by choosing Help > Check for Updates or visit Adobe’s announcement page for more information.
Critical Firefox Vulnerability
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. If you use this browser in your workplace, it is advised that you request an update before continuing use. It is recommended that the “Automatically install updates” option is configured to be on, and you restart the app every day.
Nelson Clemente (BEng, ISO27032)
getNEXT – Systems Engineer, Cyber Security Awareness