Weekend Vulnerability and Patch Report, March 20, 2016 (Citadel Information Group)
Story Highlights
Important Security Updates
AVG Free Edition: AVG has released version 2016.0.7497 of its 64-bit and 32-bit Free Edition. Updates are available on AVG’s website.
Dropbox: Dropbox has released version 3.16.1 for its file hosting program. Updates are available at Dropbox’s website. [See Citadel’s warning below]
Foxit Reader: Foxit has released version 7.3.4.0311 of its Reader to fix two highly critical vulnerabilities. Updates are available on Foxit Software’s website.
Malwarebytes Anti-Malware: Malwarebytes has released version 2.2.1.1043 of its free Malwarebytes Anti-Malware. Updates are available from Malwarebytes’ website.
Mozilla Firefox: Mozilla has released version 45.0.1. Updates are available within the browser or from Mozilla’s website.
Opera: Opera has released version 36.0.2130.32. Updates are available from within the browser or from Opera’s website.
Current Software Versions
Adobe Flash 21.0.0.182 [Windows 7: IE, Firefox, Mozilla]
Adobe Flash 21.0.0.182 [Windows 8: IE]
Adobe Flash 21.0.0.182 [Macintosh OS X: Firefox, Opera, Safari]
Adobe Reader DC 2015.010.20060
Dropbox 3.16.1 [Citadel warns against relying on security of Dropbox or other cloud-based file exchange systems. We recommend files containing sensitive information be independently encrypted with a program like Axcrypt; encryption keys be at least 15 characters long; and the master Dropbox (or other) password be at least 15 characters long and different from other passwords.]
Firefox 45.0.1 [Windows]
Google Chrome 49.0.2623.87
Internet Explorer 11.0.9600.18161
Java SE 8 Update 73 [Citadel recommends removing or disabling Java from your browser. Java is a major source of cyber criminal exploits. It is not needed for most internet browsing. If you have a particular web site that requires Java, Citadel recommends using a two-browser approach to minimize risk. If you normally browse the Web with Firefox, for example, disable the Java plugin in Firefox and use an alternative browser — such as Chrome, IE9, Safari, etc. — with Java enabled to browse only the sites that require it.]
QuickTime 7.7.9
Safari 9.0.3 [Mac OS X Mavericks, Yosemite, El Capitan]
Skype 7.21.0.100
For Your IT Department
OpenSSH: OpenSSH has released version 7.2p2 to address a command injection vulnerability that existed in all previous versions. Updates are available at OpenSSH’s website.
Symantec Endpoint Protection: Symantec has released update SEP 12.1-RU6-MP4 to address a privilege escalation vulnerability. Apply update. Additional details are available at Symantec’s website.
VMware vRealize: VMware has released updates to fix a critical vulnerability in its vRealize Automation and vRealize Business Advanced and Enterprise. Apply updates. Additional details are available at VMware’s website.