Patch Tuesday

Adobe Security Bulletins Posted APSB14-11 – Security hotfix available for Adobe Illustrator (CS6) APSB14-14 – Security updates available for Adobe Flash Player  APSB14-15 – Security updates available for Adobe Reader and Acrobat Microsoft updates Posted Not so bad, but the days not over yet 🙂

Java 7 update 11 released

Java 7 update has been released patching the latest zero day. Since Friday, its been hard to turn on the news without hearing about this Java vulnerability and Homeland Security’s advice to disable or remove Java.  Now you don’t have to potentially denial of service yourself to be protected from this attack. Disabling the browser …

Continue reading ‘Java 7 update 11 released’ »

Get your Java While Its Hot

Oracle released Java JRE 1.7 update 7 and 1.6 update 35 today patching critical security holes. Most security professionals recommended disabling Java or removing it while waiting for this update.   So if you’ve ignored that advice, you need to upgrade as soon as possible.

Yet another Flash Update

Fresh from a Flash security update released on patch Tuesday, yesterday Adobe released another security update for Flash. The security bulletin is here. “These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.”

Acrobat and Reader Updates: APSB12-08

Today Adobe released security updates for Adobe Acrobat and Adobe Reader. An entry to the Adobe Secure Software Engineering Team (ASSET) Blog discusses several aspects of this security bulletin. First, Acrobat and Reader 9 will no longer be using a special version of Flash bundled with those products.   Instead they will look to use what I …

Continue reading ‘Acrobat and Reader Updates: APSB12-08’ »

Using NAC to manage the response to MS12-020

Ok, so this isn’t exactly a timely post. When MS12-020 came out, it was the biggest patching frenzy I’ve seen in a while.   MS12-020 was a vulnerability in the Remote Desktop Protocol.   While not on by default, this protocol is often enabled on servers and by power users for remote manageability.   This vulnerability in a protocol frequently exposed on the …

Continue reading ‘Using NAC to manage the response to MS12-020’ »

Java exploitation on the rise

The deadline for getting up to date on the latest Java has come an gone. Microsoft posted on the 20th that they were seeing exploit code attacking the vulnerability in Java which Oracle patched in February. Yesterday Brian Krebs posted that an exploit for this vulnerability is now in one of the more popular exploit kits.  …

Continue reading ‘Java exploitation on the rise’ »

Update for the Flash Updater

Adobe today released a new version of Flash with two critical security updates.  For those keeping score at home, that is the third security related Flash update this year and the second of this month.   Adobe AIR also needs updating if you have that. In addition to the security fixes, this update also changes the …

Continue reading ‘Update for the Flash Updater’ »