With Microsoft expected to release only one patch, for PowerPoint, this Patch Tuesday, IT administrators may get the (wrong) impression that they can breathe easy given the light load. However, it is important for IT admins to understand that this Patch Tuesday isn’t just about applying Microsoft’s single patch; it is also about fixing security flaws in non-Microsoft software in order to stay current and patched. The notable vulnerabilities patched by vendors of other popular software applications include, but are not limited to:

  1. Google Chrome Integer Overflow in Skia 2D Graphics Lets Remote Users Execute Arbitrary Code within the Sandboxed Browser Tab
  2. Google Chrome Input Validation Flaw in InitSkBitmapFromData() Lets Remote Users Execute Arbitrary Code
  3. F-Secure Internet Security May Fail to Scan Certain ZIP and RAR Archives
  4. F-Secure Internet Gatekeeper May Fail to Scan Certain ZIP and RAR Archives
  5. F-Secure Anti-Virus May Fail to Scan Certain ZIP and RAR Archives
  6. HP OpenView Network Node Manager Bug Lets Remote Users Execute Arbitrary Code
  7. Adobe Flash Media Server Bug Lets Remote Users Execute Remote Procedures
  8. WinFax Buffer Overflow Lets Remote Users Execute Arbitrary Code
  9. Citrix Web Interface Input Validation Hole Permits Cross-Site Scripting Attacks
  10. Citrix License Server Unspecified Bugs in Licensing Management Console Have Unspecified Impact
  11. Adobe Reader Bugs in getAnnots() and spell.customDictionaryOpen() Let Remote Users Execute Arbitrary Code
  12. Symantec Endpoint Protection Bug in Reporting Server Lets Remote Users Display Arbitrary Messages
  13. Symantec Client Security Bug in Reporting Server Lets Remote Users Display Arbitrary Messages
  14. Symantec Anti Virus Corporate Edition Bug in Reporting Server Lets Remote Users Display Arbitrary Messages
  15. Symantec Endpoint Protection Input Validation Flaw in Log Viewer Permits Remote HTML Injection Attacks
  16. Symantec Anti Virus Input Validation Flaw in Log Viewer Permits Remote HTML Injection Attacks
  17. Norton Internet Security Input Validation Flaw in Log Viewer Permits Remote HTML Injection Attacks
  18. Symantec Endpoint Protection Bugs in Alert Management System 2 Let Remote Users Execute Arbitrary Code
  19. Symantec Client Security Bugs in Alert Management System 2 Let Remote Users Execute Arbitrary Code
  20. Symantec Anti Virus Corporate Edition Bugs in Alert Management System 2 Let Remote Users Execute Arbitrary Code
  21. Mozilla Firefox Bug in nsTextFrame::ClearTextRun() May Let Remote Users Execute Arbitrary Code
  22. Juniper NetScreen ScreenOS Discloses Firmware Version Information to Remote Users
  23. Cisco ASA Input Validation Flaw in Clientless SSL VPN Feature Permits Cross-Site Scripting Attacks
  24. Symantec Ghost EasySetup Wizard Lets Remote Users Deny Service
  25. Symantec Brightmail Appliance Brightmail Control Center Lets Remote Authenticated Users Gain Elevated Privileges
  26. Symantec Brightmail Input Validation Flaw in Brightmail Control Center Permits Cross-Site Scripting Attacks
  27. Citrix XenApp Bug Lets Remote Users Bypass Access Policy
  28. Trend Micro OfficeScan Client Bug in Scanning Long Pathnames Lets Local Users Deny Service
  29. Sun Java System Delegated Administrator Bug Lets Remote Users Conduct HTTP Response Splitting Attacks
  30. Mozilla Firefox Stylesheet and MozSearch Bugs Permit Cross-Site Scripting Attacks and Frame Saving Bug Lets Remote Users Obtain Potentially Sensitive Data
  31. Mozilla Firefox Bug in Processing Refresh Headers Permits Cross-Site Scripting Attacks
  32. Mozilla Firefox ‘jar:’ Scheme Error Processing the ‘content-disposition:’ Header May Affect Some Web Sites
  33. Mozilla Firefox XMLHttpRequest and XPCNativeWrapper.toString Bugs Let Remote Users Bypass Same-Origin Restrictions
  34. Mozilla Firefox Bug in Processing Adobe Flash Contents Lets Remote Users Bypass Cross-Domain Restrictions
  35. Mozilla Firefox JavaScript and Browser Engine Memory Corruption Bugs May Let Remote Users Execute Arbitrary Code
  36. OpenSolaris SCTP Socket Bug Lets Local Users Deny Service
  37. HP StorageWorks Storage Mirroring Bug Lets Remote Users Execute Arbitrary Code
  38. HP StorageWorks Storage Mirroring Bug Lets Remote Users Deny Service
  39. HP StorageWorks Storage Mirroring Grants Remote Users Access to the Target Application
  40. HP Storage Essentials Secure NaviCLI Bug Grants Access to Remote Users
  41. BlackBerry Enterprise Server Input Validation Flaw in MDS Connection Service Permits Cross-Site Scripting Attacks
  42. Xpdf Buffer Overflows and Memory Errors Let Remote Users Execute Arbitrary Code
  43. Xpdf JBIG2 Decoder Bugs Let Remote Users Deny Service
  44. CUPS Integer Overflow in Processing TIFF Images Lets Remote Users Execute Arbitrary Code
  45. Sun Java System Directory Server Discloses File and Directory Existence to Remote Users
  46. IBM AIX Buffer Overflow in muxatmd Lets Local Users Gain Elevated Privileges
  47. Nortel Application Gateway 2000 Discloses Passwords to Remote Users
  48. Novell Teaming Input Validation Flaw Permits Cross-Site Scripting Attacks

Check out: http://www.securitytracker.com/archives/summary/9000.html

It is easy to get lulled into a false sense of security until you dig into the details and look at the bigger picture. In order to avoid zero-day attacks and exploits, it is critical to get your head out of the sand and do a full inventory and assessment of your IT assets (applications and OSes). By doing so, you can check for the latest security vulnerabilities that need to be addressed within your IT environment and apply fixes as soon as the vendor releases them. In order to stay current and secure, always keep your eye on the latest fixes being released, not just by Microsoft but by the other vendors whose products are applicable to your environment.