Java 7 update has been released patching the latest zero day. Since Friday, its been hard to turn on the news without hearing about this Java vulnerability and Homeland Security’s advice to disable or remove Java. Now you don’t have to potentially denial of service yourself to be protected from this attack. Disabling the browser …
WordPress 3.4.2 was released on September 6th. It contains security updates. I have installed the update on a couple of sites without issue.
Oracle released Java JRE 1.7 update 7 and 1.6 update 35 today patching critical security holes. Most security professionals recommended disabling Java or removing it while waiting for this update. So if you’ve ignored that advice, you need to upgrade as soon as possible.
Fresh from a Flash security update released on patch Tuesday, yesterday Adobe released another security update for Flash. The security bulletin is here. “These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.”
Opera has a new version out. 12.01 The security advisory states that a maliciously formed URL could cause remote code execution
Today Adobe released security updates for Adobe Acrobat and Adobe Reader. An entry to the Adobe Secure Software Engineering Team (ASSET) Blog discusses several aspects of this security bulletin. First, Acrobat and Reader 9 will no longer be using a special version of Flash bundled with those products. Instead they will look to use what I …
Ok, so this isn’t exactly a timely post. When MS12-020 came out, it was the biggest patching frenzy I’ve seen in a while. MS12-020 was a vulnerability in the Remote Desktop Protocol. While not on by default, this protocol is often enabled on servers and by power users for remote manageability. This vulnerability in a protocol frequently exposed on the …
Continue reading ‘Using NAC to manage the response to MS12-020’ »
The deadline for getting up to date on the latest Java has come an gone. Microsoft posted on the 20th that they were seeing exploit code attacking the vulnerability in Java which Oracle patched in February. Yesterday Brian Krebs posted that an exploit for this vulnerability is now in one of the more popular exploit kits. …
Adobe today released a new version of Flash with two critical security updates. For those keeping score at home, that is the third security related Flash update this year and the second of this month. Adobe AIR also needs updating if you have that. In addition to the security fixes, this update also changes the …
I’m not one of these people who thinks that all patches need to be released on the second Tuesday in each month. But it is downright inconvenient to release patches the next day. People who manage vulnerabilities in companies are then forced to either restart the patch deployment cycle, adding in these new patches, or …