Posts

Patch Tuesday January 2014

Microsoft has released updates to address vulnerabilities in Microsoft Office, Server Software, Windows, and Microsoft Dynamics AX, as part of the Microsoft Security Bulletin Summary for January 2014. These vulnerabilities could allow remote code execution, elevation of privilege or a denial of service.

Adobe has released security updates for Adobe Flash Player 11.9.900.170 and earlier versions for Windows and Macintosh, and Adobe Flash Player 11.2.202.332 and earlier versions for Linux, to address multiple vulnerabilities that may allow an attacker to take control of the affected system.

Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.05) and earlier versions for Windows and Macintosh to address multiple vulnerabilities affecting the following software versions:
  • Adobe Reader XI (11.0.05) and earlier 11.x versions for Windows and Macintosh
  • Adobe Reader X (10.1.8) and earlier 10.x versions for Windows and Macintosh
  • Adobe Acrobat XI (11.0.05) and earlier 11.x versions for Windows and Macintosh
  • Adobe Acrobat X (10.1.8) and earlier 10.x versions for Windows and Macintosh
Exploitation of these vulnerabilities could lead to a crash or potentially allow an attacker to take control of the affected system.

Oracle has released its Critical Patch Update for January 2014 to address 144 vulnerabilities across multiple products. This update contains the following security fixes:
  • 5 for Oracle Database Server
  • 22 for Oracle Fusion Middleware
  • 2 for Oracle Hyperion
  • 4 for Oracle E-Business Suite
  • 16 for Oracle Supply Chain Products Suite
  • 17 for Oracle PeopleSoft Products
  • 2 for Oracle Siebel CRM
  • 1 for Oracle iLearning
  • 1 for Oracle Financial Services Software
  • 36 for Oracle Java SE
  • 11 for Oracle and Sun Systems Products Suite
  • 9 for Oracle Virtualization
  • 18 for Oracle MySQL

More information:
http://technet.microsoft.com/en-us/security/bulletin/ms14-jan
http://helpx.adobe.com/security/products/acrobat/apsb14-01.html
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
http://helpx.adobe.com/security/products/flash-player/apsb14-02.html
http://www.us-cert.gov/ncas/current-activity/2014/01/10/Microsoft-Releases-Advance-Notification-January-Security-Bulletin
https://www.us-cert.gov/ncas/current-activity/2014/01/14/Adobe-Releases-Security-Updates-Adobe-Flash-Player
https://www.us-cert.gov/ncas/current-activity/2014/01/14/Oracle-Releases-January-2014-Security-Advisory
https://www.us-cert.gov/ncas/current-activity/2014/01/14/Adobe-Releases-Security-Updates-Adobe-Reader-and-Acrobat

Patch Tuesday December 2013

This month, Adobe and Microsoft have released a few patches for vulnerabilities that you should apply as soon as possible.
Microsoft, for its part, has released 5 critical and 6 important fixes for vulnerabilities, while Adobe has released 2 critical ones.

The Microsoft ones span the OS, Office, Internet Explorer and Lync.

Adobe has released a security update for Adobe Shockwave Player 12.0.6.147 and earlier versions on the Windows and Macintosh operating systems. This update addresses a vulnerability that could allow an attacker who successfully exploits it to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 12.0.6.147 and earlier versions update to Adobe Shockwave Player 12.0.7.148 using the instructions provided in the “Solution” section of the bulletin linked below.

Adobe has released security updates for Adobe Flash Player 11.9.900.152 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.327 and earlier versions for Linux. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. Adobe is aware of reports that an exploit designed to trick the user into opening a Microsoft Word document with malicious Flash (.swf) content exists for CVE-2013-5331. Adobe Flash Player 11.6 and later provide a mitigation against this attack.

More information:
http://helpx.adobe.com/security/products/shockwave/apsb13-29.html
http://helpx.adobe.com/security/products/flash-player/apsb13-28.html

Patch Tuesday November 2013

Another month, another Patch Tuesday. This month, Microsoft has released three critical and five important updates.
Adobe, on the other hand, has released security updates for Adobe Flash Player and ColdFusion to address multiple vulnerabilities.
These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

More information:
http://technet.microsoft.com/en-us/security/bulletin/ms13-nov
http://www.adobe.com/support/security/bulletins/apsb13-26.html
http://www.adobe.com/support/security/bulletins/apsb13-27.html

Patch Tuesday September 2013

Another month, another Patch Tuesday!
This month, Microsoft has released eight updates for 23 unique security issues, which you are recommended to apply as soon as possible. The updates cover Internet Explorer and the operating system itself.
Adobe, on the other hand, has updated Adobe Flash Player, Adobe Shockwave Player, and Adobe Reader and Acrobat.

The Microsoft updates include four critical updates that should be applied as soon as possible, as well as eleven important updates. The fixes address issues ranging from Remote Code Execution to Elevation of Privilege, Information Disclosure, and Denial of Service attacks.
The Adobe updates mitigate vulnerabilities that could let an attacker take control of your computer, so it’s recommended to upgrade as soon as possible.

More information:
Microsoft Patch Tuesday September 2013
Adobe Flash Player
Adobe Shockwave Player
Adobe Reader and Acrobat

Patch Tuesday August 2013

Another month, another Patch Tuesday!
This month, Microsoft has released eight updates for 23 unique security issues, which you are recommended to apply as soon as possible. The updates cover Internet Explorer and the operating system itself.

More information:
http://technet.microsoft.com/en-us/security/bulletin/ms13-aug

Patch Tuesday July 2013

Another month, another Patch Tuesday!
This month, Microsoft has fixed seven issues. Six of them are marked as critical and allow Remote Code Execution through various Microsoft applications, while one is marked as important and allows elevation of privileges in the Bitdefender application. Adobe updated its ColdFusion software to fix a vulnerability. It is highly recommended to apply these fixes as soon as possible.

More information:
http://technet.microsoft.com/en-us/security/bulletin/ms13-jul
http://www.adobe.com/support/security/bulletins/apsb13-19.html

Patch Tuesday June 2013

Patch Tuesday is upon us yet again. This time, Microsoft fixes one Critical issue and four Important issues. It’s advised to apply these as soon as possible through Windows Update.

  • Critical Windows and Internet Explorer: Can allow remote code to be executed.
  • Important Windows: May allow data to leave the vulnerable system.
  • Important Windows: Exploit may create a Denial of Service (DoS).
  • Important Windows: May allow privilege elevation.
  • Important Office (Windows and OS X): Can allow remote code to be executed.

Adobe, on the other hand, has released an update to Adobe Flash Player which fixes a vulnerability that could cause a crash and potentially allow an attacker to take over a system which doesn’t have the latest version.

More information:
http://technet.microsoft.com/en-us/security/bulletin/ms13-jun
http://www.adobe.com/support/security/bulletins/apsb13-16.html

Patch Tuesday May 2013

This month's Patch Tuesday brings Microsoft fixes for ten vulnerabilities, two of them rated critical (for Windows and Internet Explorer) and eight rated important. It’s recommended to update as soon as possible.

Adobe has released security updates for ColdFusion and Acrobat/Reader, which means you should update these as soon as possible.

Mozilla has also released multiple critical security updates which concern Firefox and Thunderbird.

More information:
http://technet.microsoft.com/en-us/security/bulletin/ms13-may
http://www.adobe.com/support/security/advisories/apsa13-03.html
http://www.adobe.com/support/security/bulletins/apsb13-15.html
http://www.mozilla.org/security/announce/

Microsoft Patch Tuesday April 2013

It’s that time of the month again; Patch Tuesday!

Microsoft has released nine patches this month, six of which are marked as high or critical. The two critical patches include updates to Internet Explorer and Remote Desktop Client.
All Microsoft users are advised to update their systems as soon as possible through Windows Update.

More information: http://blogs.technet.com/b/msrc/archive/2013/04/09/out-with-the-old-in-with-the-april-2013-security-updates.aspx

Microsoft’s Patch Tuesday solves 57 (critical) security vulnerabilities

Today is the regular Patch Tuesday for Microsoft, and this time the update will solve 57 different vulnerabilities (in 12 different packages depending on which software you’re using).
Five of these packages are listed as critical, so it’s important that you run Windows Update as soon as you can on your clients/servers.
There is always the question of “should I update now, or should I wait until others have reported that the patch works okay?”. To me, testing the patches in a non-production environment and then deploying to production as quickly as possible goes without saying, but those who don’t have that ability need to assess the risk.

The risk of patching can of course mean that you run into a bug with the patch, while the risk of not updating means that attackers will most certainly be looking into which issues were fixed and how they can be exploited – and then exploit them on the systems which haven’t already been patched. In my opinion, the risk of not patching outweighs the risk of patching.

More information:
http://technet.microsoft.com/en-us/security/bulletin/ms13-feb