Last updated at Thu, 20 Jul 2017 20:45:36 GMT
This month Microsoft has released 13 security bulletins, once again this affects all supported platforms and includes remote code execution and elevation of privilege vulnerabilities. To accompany these patch updates, Adobe has released new versions of Reader, Acrobat and Flash Player resulting in vulnerability fixes for 52 CVEs (most of which are rated as critical). Of the 13 Microsoft bulletins, 3 are rated as critical and require user interaction for exploitability, this is typical of attacks performed via phishing (remind your users to be vigilant with emailed files and malicious links).
Sliding in slightly under the radar this month is MS15-055 which resolves an information disclosure vulnerability (CVE-2015-1716) in Schannel when the configuration allows a weak DHE key length of 512bits on an encrypted TLS session. This information disclosure vulnerability is nothing serious for now, but expect that over time as security researchers study this exploit path, it'll result in far more serious flaws. Take a look at: https://support.microsoft.com/en-us/kb/3061518 for steps required to configure the ClientMinKeyBitLength DWord registry entry.
Overall this is a pretty low key update Tuesday, fortunately that clears the way for administrators to focus their attention of the recently published VENOM vulnerability (CVE-2015-3456), you can find more info on VENOM here: https://youtu.be/JeqJSK3NXWU.
