Microsoft has released their scheduled monthly Security Bulletin release with 5 bulletins addressing 15 vulnerabilities.
MS11-070 addresses 1 vulnerability in the WINS service. Only Microsoft server operating systems are affected by this vulnerability (Windows 2003, Windows 2008, Windows 2008 R2). In order for an attacker to carry out an exploit, the attacker must have access and login credentials to the machine. Once on the machine, the attacker could send a malicious WINS request to the local loopback network address of the machine. This could result in elevation of privilege.
MS11-071 brings back the DLL preloading issue …
Microsoft has announced their plans for the September 2011 edition of Patch Tuesday. Microsoft is planning to release 5 new security bulletins. Although this is Microsoft’s ‘light’ Patch Tuesday, we are seeing quite a few Microsoft products being patched this month.
Security Bulletin Breakdown:
2 bulletins affect Microsoft operating systems
3 bulletins affect Microsoft Office and server-based products
5 bulletins are rated as Important
3 vulnerabilities fixed could lead to Remote Code Execution
2 vulnerabilities fixed could lead to Elevation of Privilege
Affected Products:
All supported Microsoft operating systems
Office 2003, 2007, 2010 (Excel)
Groove Server 2007
SharePoint Workspace 2010
Excel Viewer
Office Compatibility Pack 2007
SharePoint Server 2007, 2010
Office Forms Server …
With the August 2011 edition of Patch Tuesday, Microsoft has just released 13 bulletins addressing 22 vulnerabilities. This month marks a “heavy” month for Microsoft for Patch Tuesday.
The bulletin administrators should look at patching first is the bi-monthly cumulative update for Microsoft Internet Explorer (MS11-057). This bulletin addresses typical vulnerabilities in Internet Explorer where browsing to a malicious website could result in remote code execution. Two of the seven vulnerabilities fixed with this bulletin are publicly known. At this time, Microsoft has not received any reports of attacks against the vulnerabilities. With any publicly disclosed …
Microsoft has just released their advanced notification for the July 2011 edition of Patch Tuesday. Microsoft is planning to release 4 security bulletins addressing 22 vulnerabilities.
Security Bulletin Breakdown:
1 bulletin is rated Critical
3 bulletins are rated Important
2 vulnerabilities can lead to Remote Code Execution
2 vulnerabilities can lead to Elevation of Privilege
Affected Products:
All supported Microsoft operating systems
Microsoft Visio 2003
Although this is a ‘light’ Patch Tuesday month, it is important to keep an eye out for any non-Microsoft vendors releasing new updates.
We will be going through each bulletin thoroughly next Wednesday, July 13th at 11:00am CDT as part of our monthly …
Microsoft has released 16 new bulletins in the June 2011 edition of Patch Tuesday. These 16 bulletins address 34 vulnerabilities. This is quite a large patch day and, to top it off, Microsoft was late in releasing the bulletins.
The first batch of security bulletins that need immediate attention all have web browsing to a malicious website as an attack vector. As this is the number one way to be exploited, these bulletins should be rolled out first.
The following five bulletins will be prime targets for attacks in the coming days/weeks.
First up is MS11-050. This security bulletin …
Microsoft has released two new security bulletins in the May 2011 edition of Patch Tuesday. These two bulletins address three vulnerabilities, none of which are publicly known.
The security bulletin that administrators should look at patching first is MS11-035. This security bulletin affects the WINS service on all supported Microsoft server products (Windows 2003 and 2008). An attacker sending a specially crafted packet to a Windows Server running WINS could achieve remote code execution.
The second bulletin (MS11-036) affects older versions of the Microsoft PowerPoint product. Opening a malicious PowerPoint document could lead to remote …
********** UPDATE **********
RealNetworks has released the details on their security bulletin. The new version of Real Player fixes two vulnerabilities. More information can be found here.
*******************************
Non-Microsoft vendors are joining in on Microsoft’s Patch Tuesday.
RealNetworks is planning to release a new version of the RealPlayer program today. We have seen a download available for RealPlayer, but the security update page has not been updated. Keep watching RealNetworks for a security update today. The advanced notification from RealNetworks can be found here.
Opera released a new version of the Opera Browser with 11.10. This is …
Microsoft has released 17 new security bulletins for the April 2011 edition of Patch Tuesday. These security bulletins address a record 64 vulnerabilities. There are three bulletins that administrators should address immediately.
First, Microsoft is releasing their bi-monthly update for Internet Explorer. MS11-018 fixes five vulnerabilities. Two of the vulnerabilities addressed by this security bulletin are zero-day vulnerabilities. Just yesterday, Microsoft’s MSRC tweeted about reports of limited attacks on one of these zero-day vulnerabilities. It is extremely important to patch as soon as possible, regardless of which browser you are running. Web browsers are still, and will …
As expected, Adobe has released critical security bulletins for Adobe Flash, Air, Reader and Acrobat.
APSB11-05 was released yesterday addressing a vulnerability (CVE-2011-0609) that is currently being exploited in the wild. It is important to address this vulnerability on your network as soon as possible. This security bulletin affects Adobe Flash Player 10 and Adobe Air 2.5.
APSB11-06 was also released and addresses the same vulnerability in Adobe Reader and Acrobat. According to Adobe, there are no reports of active attacks on this vulnerability. However, this should be patched as soon as possible. This security bulletin affects Adobe …
Adobe released a new security advisory today, APSA11-01, addressing a zero-day vulnerability. A critical vulnerability exists in Adobe Flash Player, Adobe Reader and Adobe Acrobat. Adobe has received reports of attacks against the Flash Player program but not against the other affected products.
Adobe is planning to release patches next week for Adobe Flash Player 10, Adobe Reader 9 and Adobe Acrobat 9 to address the zero-day vulnerability.
Adobe Reader X (10) and Adobe Acrobat X (10) are both also affected by this vulnerability. Due to Adobe Reader X and Acrobat X “Protected Mode,” attacks on this zero-day vulnerability …