According to their Bulletin Summary for December, Microsoft released 17 security updates for Windows, Office, Internet Explorer (IE), and more. Read more “Microsoft Black Tuesday: Might as well be a record Patch Day.”

Summary:
These vulnerabilities affect: Firefox 3.6.x and 3.5.x for Windows, Linux, and Macintosh
How an attacker exploits it: Typically by enticing one of your users to visit a malicious web page
Impact: Various results; in the worst case, an attacker executes code on your user’s computer, gaining complete control of it
What to do: Upgrade to Firefox 3.6.13 (or 3.5.16), or let Firefox’s automatic update do it for you
Exposure: Last week, Mozilla released a Firefox update fixing 13 (count based on CVE number) vulnerabilities in their popular multi-platform web browser. Read more “December Firefox Update Corrects a Bunch of Critical Vulnerabilities”

If you were looking forward to a slow, relaxing Patch Day this December, it’s time to reset your expectations. Microsoft plans to fill your network stocking with updates next Tuesday. Click through to learn how many updates to expect. Read more “Expect a stocking full of Microsoft patches for Christmas”


Summary:
These vulnerabilities affect: QuickTime 7.6.8 and earlier for Windows and Mac
How an attacker exploits them: By enticing your user into viewing a maliciously crafted movie or image file
Impact: An attacker could execute code on your user’s computer, potentially gaining control of it
What to do: Download and install QuickTime 7.6.9 as quickly as possible, or let Apple’s Software Update tool do it for you
Exposure: Late yesterday, Apple released a security update to fix 15 media handling vulnerabilities that affect both the Windows and Mac versions of QuickTime, their popular media player. The flaws vary quite a bit technically, but most of them share the same general scope and impact. Read more “Pictures and Videos Pose a Threat to Quicktime for Windows and Mac”

Late last week, the developers of a popular open source FTP server, ProFTPD, warned that they’ve accidentally been distributing a booby-trapped version of their FTP server’s source code. Read more “Official ProFTPD source code “backdoored” via a zero day flaw”

ProFTPD warned that they’ve been distributing a booby-trapped version of their FTP server’s source code. Read more “Official ProFTPD source code "backdoored" via a zero day flaw”

Summary:
These vulnerabilities affect: All current versions of OS X 10.5.x (Leopard) and OS X 10.6.x (Snow Leopard)
How an attacker exploits them: Multiple vectors of attack, including enticing your users into downloading and viewing various documents or images
Impact: Various results; in the worst case, an attacker executes code on your user’s computer
What to do: OS X administrators should download, test and install OS X 10.6.5 or Security Update 2010-007 as soon as possible, or let Apple’s Software updater do it for you
Exposure: Today, Apple released a security update to fix vulnerabilities in all current versions of OS X. The update fixes 134 (number based on CVE-IDs) security issues in 34 components that ship as part of OS X or OS X Server, including Quicktime, ImageIO, and Apache. Some of the fixed vulnerabilities include: Multiple ImageIO Buffer Overflow Vulnerability. Read more “Huge OS X Update Closes 134 Security Holes”

Summary:
These vulnerabilities affect: Most current versions of Microsoft Office, and the components that ship with it
How an attacker exploits it: Typically by enticing one of your users to open a malicious Office document
Impact: In the worst case, an attacker executes code on your user’s computer, gaining complete control of it
What to do: Install Microsoft Office updates as soon as possible, or let Microsoft’s automatic update do it for you
Exposure: As part of today’s Patch Day, Microsoft released two security bulletins describing seven vulnerabilities found in components that ship with most current versions of Microsoft Office for Windows and Mac. The vulnerabilities affect different versions of Office to varying degrees. Though the seven vulnerabilities differ technically, and affect different Office components, they share the same general scope and impact. Read more “Two Office Security Bulletins Fix Seven Vulnerabilities”

Microsoft plans to release three security bulletins tomorrow, 9 November. The security bulletins will cover vulnerabilities in Office and Forefront Unified Access Gateway. Microsoft rates one of the Office bulletins as Critical, and the rest as Important. Read more “November Patch Day brings Office and Forefront updates.”

As expected, Microsoft released three security bulletins; two for Office (and the components that ship with it), and one for Forefront Unified Access Gateway. Unfortunately, they did not release any surprise bulletins or updates to fix the zero day Intern Read more “Microsoft Black Tuesday: Seven Office vulnerabilities make documents dangerous”