Microsoft has released 17 new security bulletins for the April 2011 edition of Patch Tuesday. These security bulletins address a record 64 vulnerabilities. There are three bulletins that administrators should address immediately.
First, Microsoft is releasing their bi-monthly update for Internet Explorer. MS11-018 fixes five vulnerabilities. Two of the vulnerabilities addressed by this security bulletin are zero-day vulnerabilities. Just yesterday, Microsoft’s MSRC tweeted about reports of limited attacks on one of these zero-day vulnerabilities. It is extremely important to patch as soon as possible, regardless of which browser you are running. Web browsers are still, and will …
As expected, Adobe has released critical security bulletins for Adobe Flash, Air, Reader and Acrobat.
APSB11-05 was released yesterday addressing a vulnerability (CVE-2011-0609) that is currently being exploited in the wild. It is important to address this vulnerability on your network as soon as possible. This security bulletin affects Adobe Flash Player 10 and Adobe Air 2.5.
APSB11-06 was also released and addresses the same vulnerability in Adobe Reader and Acrobat. According to Adobe, there are no reports of active attacks on this vulnerability. However, this should be patched as soon as possible. This security bulletin affects Adobe …
Adobe released a new security advisory today, APSA11-01, addressing a zero-day vulnerability. A critical vulnerability exists in Adobe Flash Player, Adobe Reader and Adobe Acrobat. Adobe has received reports of attacks against the Flash Player program but not against the other affected products.
Adobe is planning to release patches next week for Adobe Flash Player 10, Adobe Reader 9 and Adobe Acrobat 9 to address the zero-day vulnerability.
Adobe Reader X (10) and Adobe Acrobat X (10) are both also affected by this vulnerability. Due to Adobe Reader X and Acrobat X “Protected Mode,” attacks on this zero-day vulnerability …
Microsoft has released three new security bulletins that address four vulnerabilities in the March 2011 edition of Patch Tuesday. You may be asking why such a small number of bulletins is being released this month. The low number was expected, as this is typically a light security bulletin release month for Microsoft.
Three of the bulletins address a vulnerability that has been discussed quite often in the past several months. Back in August 2010, Microsoft released Security Advisory 2269637. This advisory addressed an issue with DLL preloading attacks that could result in …
Microsoft has released a new Security Advisory (2501696) today affecting all supported Windows operating systems. A vulnerability exists in the way the MHTML protocol handles MIME-formatted requests from websites. The exploit code for this vulnerability has been publicly released, but there have been no reports of attacks at this time.
Although the vulnerability exists in the operating system, the attack vector for this vulnerability is through Internet Explorer. An attacker must entice a user to click on a malicious link to successfully exploit the vulnerability. If an attacker is successful, the attacker could “spoof content, disclose information, or take …
The Shavlik Data Team is at it again with regard to supporting even more third-party products. Late last week we started supporting patching of the RealVNC product line. Tomorrow, we will be officially supporting OpenOffice for patching as well. You can expect even more product coverage this year as I am currently looking at the sheer number of products we are researching today.
On the patch side, Opera has released a new version of their browser with the release of Opera 11.01. This release is a security release fixing multiple vulnerabilities. The release notes can be found here.
Tomorrow, …
As everyone’s focus has been on the Stuxnet virus and WikiLeaks, the news and information surrounding one of the biggest worms to hit the world has lost some traction.
Welcome back, Conficker. The Conficker Working Group released their “Lessons Learned” document yesterday. The group took on, first hand, the responsibility of researching and limiting the infections from this very powerful virus.
The document, commissioned by the Department of Homeland Security, gives a very insightful account of the Conficker virus timeline and the inner workings of the Conficker Working Group. You can find the document on the Conficker Working Group website.
- …
In the first Patch Tuesday of 2011, Microsoft has released 2 new security bulletins addressing 3 vulnerabilities.
The first bulletin administrators should address is MS11-002. This bulletin affects MDAC on all supported operating systems and addresses two vulnerabilities. The first vulnerability cannot be exploited through Microsoft software. The vulnerability may be exploited through third-party software if a user browses to a malicious website. At the time of the bulletin release, Microsoft was not aware of any programs that are affected by this vulnerability. Microsoft is patching the vulnerability. This will prevent any third party programs from …
Microsoft has released a new security advisory (2488013) for all supported versions of Internet Explorer. The exploit code for the vulnerability has been released publicly, which has prompted this new security advisory.
Microsoft is reporting limited attacks on the vulnerability, and is only releasing a security advisory at this time. Microsoft will most likely release a security bulletin to patch this vulnerability if they, or their partners, see an uptick in attacks surfacing on the Internet. The next regularly scheduled cumulative update for Internet Explorer is expected in February. If we do not see an uptick …
NSS Labs released their Web Browser Security report for Q3 2010 today. The report is focused on testing the most widely used browsers against socially engineered malware. It is important to note that this test does not focus on vulnerabilities in the browser or on attacks against those vulnerabilities. Socially engineered malware consists of web links, sent to users through email, instant messages and online advertisements, that appear to lead to legitimate programs but where the actual file or site is a malicious program. Socially engineered attacks are becoming a more prevalent attack vector with how much social media is evolving to become …