Security Alert: Urgent Security Updates for September 2023
Date:
2023-09-13 16:00:00
Status:
Closed
Brief Description:
Critical zero-day vulnerabilities have been identified in various software, including: Adobe Acrobat and Acrobat Reader, common web browsers and email clients, Microsoft Office on Windows, and the Microsoft Windows OS. Patch now.
Current Status:
N/A
Services Affected:
Certified Desktop
Servers
Full Description:
Critical zero-day vulnerabilities have been identified in various software, including: Adobe Acrobat and Acrobat Reader, common web browsers and email clients, Microsoft Office on Windows, and the Microsoft Windows OS. All vulnerabilities are stated to be under known active exploitation or have a proof-of-concept exploit publicly available.
Vendors have released updates patching these vulnerabilities. Vulnerable software is listed below. Apply patches as soon as possible.
Vulnerable software:
• Adobe Acrobat DC, Acrobat Reader DC, Acrobat 2020, and Acrobat Reader 2020 (macOS and Windows)
• Google Chrome (macOS, Windows, and Linux)
• Microsoft Edge (macOS, Windows, and Linux)
• Mozilla Firefox and Firefox ESR (macOS, Windows, and Linux)
• Mozilla Thunderbird (macOS, Windows, and Linux)
• Microsoft Office (Windows only)
• Microsoft Windows OS (all supported versions)
Certified Desktop customers:
• Windows: Patches for vulnerable third-party software will be automatically installed via SecTeer VulnDetect. Patches for Microsoft Windows will be available today, Wednesday, September 13, with an install deadline of 4:00 pm on Thursday, September 14. A restart will be required.
• macOS: Patches for vulnerable third-party software will be available today, Wednesday, September 13, with an install deadline of approximately 4:00 pm on Thursday, September 14.
Unmanaged computers:
Apply the latest updates for all listed software above. Refer to the References below for patch details and version information. Update to the listed versions or newer.
This supersedes a prior alert specific to Google Chrome and Microsoft Edge titled “Security Alert: Urgent Google Chrome/Microsoft Edge Patch”, published on Tuesday, September 12.
References:
Adobe Security Bulletin: https://helpx.adobe.com/security/products/acrobat/apsb23-34.html
Google Chrome Releases: https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html
Release Notes for Microsoft Edge Security Updates: https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security
Mozilla Security Advisory 2023-40: https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/
Microsoft Office – CVE-2023-36761: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36761
Microsoft Windows – CVE-2023-36802: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36802
Vendors have released updates patching these vulnerabilities. Vulnerable software is listed below. Apply patches as soon as possible.
Vulnerable software:
• Adobe Acrobat DC, Acrobat Reader DC, Acrobat 2020, and Acrobat Reader 2020 (macOS and Windows)
• Google Chrome (macOS, Windows, and Linux)
• Microsoft Edge (macOS, Windows, and Linux)
• Mozilla Firefox and Firefox ESR (macOS, Windows, and Linux)
• Mozilla Thunderbird (macOS, Windows, and Linux)
• Microsoft Office (Windows only)
• Microsoft Windows OS (all supported versions)
Certified Desktop customers:
• Windows: Patches for vulnerable third-party software will be automatically installed via SecTeer VulnDetect. Patches for Microsoft Windows will be available today, Wednesday, September 13, with an install deadline of 4:00 pm on Thursday, September 14. A restart will be required.
• macOS: Patches for vulnerable third-party software will be available today, Wednesday, September 13, with an install deadline of approximately 4:00 pm on Thursday, September 14.
Unmanaged computers:
Apply the latest updates for all listed software above. Refer to the References below for patch details and version information. Update to the listed versions or newer.
This supersedes a prior alert specific to Google Chrome and Microsoft Edge titled “Security Alert: Urgent Google Chrome/Microsoft Edge Patch”, published on Tuesday, September 12.
References:
Adobe Security Bulletin: https://helpx.adobe.com/security/products/acrobat/apsb23-34.html
Google Chrome Releases: https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html
Release Notes for Microsoft Edge Security Updates: https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security
Mozilla Security Advisory 2023-40: https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/
Microsoft Office – CVE-2023-36761: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36761
Microsoft Windows – CVE-2023-36802: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36802
CIT TDX ID: