Hi Micronet, Here is a brief overview of the patch Tuesday updates. Microsoft released 13 bulletins of which 5 are rated critical. There are critical fixes with the potential for remote code execution IE, Edge, Microsoft Word, Windows Media Play, the font rendering library, and the Microsoft PDF library.
Adobe released three critical security updates for Adobe Acrobat and Reader with a priority rating of 2, meaning that there is a high risk, but there is no known exploit yet. If you also use Adobe Digital Editions, there is a critical fixe for that as well. All of these potentially involve remote code execution, you should patch ASAP. There was no Flash update this month, but Adobe says one is coming soon. Google releases and update to the stable channel version 49.0.2623.87 with three security fixes rated high. Mozilla released Firefox 45 with 8 critical and 7 high severity security fixes . If you run PuTTY, then you should also upgrade since the project released version 0.67, which contains several security fixes and the installer and executable are now signed. If you run WinSCP, you should patch that as well due to both the PuTTY upgrades and the OpenSSL upgrades. There were no security patches from Apple today. Since it is always worth mentioning, the next Oracle quarterly Critical Patch Update is April 19. References: 2016 Bulletin Summaries https://technet.microsoft.com/en-us/library/security/mt637780.aspx Security Advisories 2016 https://technet.microsoft.com/en-us/library/security/mt631688.aspx March 2016 Security Update Release Summary - Microsoft Security Response Center - Site Home - TechNet Blogs http://blogs.technet.com/b/msrc/archive/2016/03/08/march-2016-security-update-release-summary.aspx March 2016 Office Update Release | Office Updates https://blogs.technet.microsoft.com/office_sustained_engineering/2016/03/09/march-2016-office-update-release/ Office Updates https://technet.microsoft.com/en-us/library/dn789213(v=office.14).aspx March 2016 Microsoft Patch Tuesday Security Bulletins | Threatpost | The first stop for security news https://threatpost.com/microsoft-patches-critical-vulnerabilities-in-its-browsers/116664/ March 2016 Adobe Acrobat, Reader, Digital Editions Patches | Threatpost | The first stop for security news https://threatpost.com/adobe-patches-reader-and-acrobat-teases-upcoming-flash-update/116662/ Patch Tuesday March 2016 - Qualys Blog https://blog.qualys.com/laws-of-vulnerabilities/2016/03/08/patch-tuesday-march-2016#more-22842 March Patch Tuesday 2016 | Shavlik http://blog.shavlik.com/march-patch-tuesday-2016/ Microsoft Patch Tuesday - SANS Internet Storm Center https://isc.sans.edu/mspatchdays.html?viewday=2016-03-08 Adobe Security Bulletin https://helpx.adobe.com/security/products/acrobat/apsb16-09.html Security Updates Available for Adobe Acrobat and Reader Release date: March 3, 2016 Last updated: March 8, 2016 Vulnerability identifier: APSB16-09 Priority: 2 CVE Numbers: CVE-2016-1007, CVE-2016-1008, CVE-2016-1009 Platform: Windows and Macintosh Adobe Security Bulletin https://helpx.adobe.com/security/products/Digital-Editions/apsb16-06.html Security update available for Adobe Digital Editions Release date: March 8, 2016 Vulnerability identifier: APSB16-06 Priority: 3 CVE number: CVE-2016-0954 Platform: Windows, Macintosh, iOS and Android Chrome Releases: Stable Channel Update http://googlechromereleases.blogspot.com/2016/03/stable-channel-update_8.html Firefox - Notes (45.0) - Mozilla https://www.mozilla.org/en-US/firefox/45.0/releasenotes/ Security Advisories for Firefox - Mozilla https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox45 Firefox 45 for developers - Mozilla | MDN https://developer.mozilla.org/en-US/Firefox/Releases/45 Firefox 45: Find out what is new - gHacks Tech News http://www.ghacks.net/2016/03/08/firefox-45-find-out-what-is-new/ PuTTY Change Log http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html WinSCP :: Official Site :: Download https://winscp.net/eng/download.php#notification Thank you, Ben Gross Manager, Endpoint Engineering and Infrastructure Information Services and Technology Division University of California, Berkeley bengr...@berkeley.edu
------------------------------------------------------------------------- The following was automatically added to this message by the list server: To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site: http://micronet.berkeley.edu Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet. This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past. ANNOUNCEMENTS: To send announcements to the Micronet list, please use the micronet-annou...@lists.berkeley.edu list.
