Weekend Vulnerability and Patch Report, March 20, 2016 (Citadel Information Group)

Important Security Updates

AVG Free Edition: AVG has released version 2016.0.7497 of its 64-bit and 32-bit Free Edition. Updates are available on AVG’s website.

Dropbox: Dropbox has released version 3.16.1 for its file hosting program. Updates are available at Dropbox’s website. [See Citadel’s warning below]

Foxit Reader: Foxit has released version of its Reader to fix two highly critical vulnerabilities. Updates are available on Foxit Software’s website.

Malwarebytes Anti-Malware: Malwarebytes has released version of its free Malwarebytes Anti-Malware. Updates are available from Malwarebytes’ website.

Mozilla Firefox: Mozilla has released version 45.0.1. Updates are available within the browser or from Mozilla’s website.

Opera: Opera has released version 36.0.2130.32. Updates are available from within the browser or from Opera’s website.

Current Software Versions

Adobe Flash [Windows 7: IE, Firefox, Mozilla]

Adobe Flash [Windows 8: IE]

Adobe Flash [Macintosh OS X: Firefox, Opera, Safari]

Adobe Reader DC 2015.010.20060

Dropbox 3.16.1 [Citadel warns against relying on security of Dropbox or other cloud-based file exchange systems. We recommend files containing sensitive information be independently encrypted with a program like AxCrypt; encryption keys be at least 15 characters long; and the master Dropbox [or other] password be at least 15 characters long and different from other passwords.]

Firefox 45.0.1 [Windows]

Google Chrome 49.0.2623.87

Internet Explorer 11.0.9600.18161

Java SE 8 Update 73 [Citadel recommends removing or disabling Java from your browser. Java is a major source of cyber criminal exploits. It is not needed for most internet browsing. If you have a particular web site that requires Java, Citadel recommends using a two-browser approach to minimize risk. If you normally browse the Web with Firefox, for example, disable the Java plugin in Firefox and use an alternative browser — such as Chrome, IE9, Safari, etc — with Java enabled to browse only the sites that require it.]

QuickTime 7.7.9

Safari 9.0.3 [Mac OS X Mavericks, Yosemite, El Capitan]


For Your IT Department

OpenSSH: OpenSSH has released version 7.2p2 to address a command injection vulnerability that existed in all previous versions. Updates are available at OpenSSH’s website.

Symantec Endpoint Protection: Symantec has released update SEP 12.1-RU6-MP4 to address a privilege escalation vulnerability. Apply update. Additional details are available at Symantec’s website.

VMware vRealize: VMware has released updates to fix a critical vulnerability in its vRealize Automation and vRealize Business Advanced and Enterprise. Apply updates. Additional details are available at VMware’s website.