January 2019 Patch Tuesday forecast: Partly cloudy followed by heavy fog around Java

From helpnetsecurity.com

2018 ended with a bit of excitement. Shortly after November Patch Tuesday we saw a pair of Flash Player zero-days (November 20 and December 5), which were followed by just about everything Microsoft could release on December Patch Tuesday. Then Microsoft released an emergency patch on December 19 to resolve a JScript zero-day that could be exploited through Internet Explorer simply by visiting a malicious website.

Fingers crossed, we might be looking at a lighter Patch Tuesday in January with a few more releases spread across the month. Here’s a rundown of the usual suspects.

January Patch Tuesday forecast

  • Microsoft – Expect Windows and Office updates. Likely we will see only one or two other products at most since the majority of the Microsoft products received updates in December.
  • Adobe – announced a prenotification for Acrobat and Reader (APSB19-02) with an expected release date of Thursday, January 3. You can also expect an Adobe Flash Player update on Patch Tuesday.
  • Oracle – is scheduled for their quarterly Critical Patch Update (CPU) on January 15, so don’t lose sight of this one. This will be the last general availability update for Java 8 JRE and the future of Java is a bit unclear. Read on for some rising concerns around this.
  • Mozilla – Firefox is likely due for another update either later this week or around Patch Tuesday. Firefox is pretty consistent on receiving updates once to twice monthly.
  • Google – Chrome 72 Stable Release is expected around January 29.

Read more…