Weekend Vulnerability and Patch Report, January 28, 2011

The following software updates were released last week. Citadel strongly recommends that readers upgrade these programs on their computers.

Opera 11.01: Opera has updated its browser after several vulnerabilities were reported that allow a cyber criminal to steal sensitive information and take control of a user’s workstation. The update is available at this link.

iTunes 10.1.2: Apple has updated iTunes. The update includes several important stability and performance improvements.

RealPlayer 14.0.2: A vulnerability has been reported in RealPlayer, which can be exploited by cyber criminals to take control of a user’s computer. The vulnerability is reported in versions 14.0.1 and prior, SP 1.1.5 and prior, and 11.1 and prior. More information is available on the RealPlayer Knowledge Base.

Symantec Products: Numerous critical vulnerabilities have been reported in Symantec AntiVirus Corporate Edition Server 10.x and Symantec System Center 10.x. Readers whose organizations use Symantec corporate products should notify IT staff of the availability of version 10.1 MR10.

Citrix Update: CERT is reporting vulnerabilities in various editions of the Citrix Access Gateway. If your organization uses Citrix, advise your IT staff to upgrade. IT staff can get more information on the National Vulnerability Database.

WordPress Vulnerabilities: Several vulnerabilities in WordPress plugins have been announced this week. If your web site is developed in WordPress, advise your web master to apply needed updates.

Important Vulnerabilities.

Microsoft Internet Explorer: Microsoft has warned in an Advisory that cyber criminals have published instructions for exploiting a previously unknown security vulnerability in all versions of Windows. The exploit can be used to steal user data or take control of a user’s workstation. While the flaw resides in Windows, it manifests in Internet Explorer. According to KrebsOnSecurity, the vulnerability does not impact other browsers such as Firefox and Chrome. Microsoft has said that they may issue a patch for this vulnerability. In the meantime, Microsoft has made available a “FixIT” tool to help strengthen the way Windows handles MHTML documents. To enable that fix, visit this link and click the FixIT icon.

If you are responsible for keeping your computer secure, our weekly report is for you. We strongly urge you to take action to keep your workstation secure.

If someone else is responsible for keeping your computer secure, protect it by forwarding our Weekend Vulnerability and Patch Report to them and following up to make sure your computer has been patched.

Vulnerability management is a key element of cyber security management. Cyber criminals take over user computers by writing computer programs that “exploit” vulnerabilities in operating systems (Windows, Apple OS, etc.) and application programs (Adobe Acrobat, Office, Flash, Java, etc.). When software companies find a vulnerability, they will issue an update patch to fix the code running on their customers’ computers.

The Weekend Vulnerability and Patch Report is intended to raise users’ awareness of cyber security challenges by alerting them to some of the week’s important updates and newly discovered vulnerabilities. It is not intended to be a thorough listing of these.
