The following software updates were released last week. Citadel strongly recommends that readers upgrade these programs on their computers.
Microsoft Patch Tuesday: Microsoft has issued a dozen updates addressing at least 22 security vulnerabilities in Microsoft Windows, Internet Explorer, and Office. These vulnerabilities—5 of which were designated “critical”—would allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information or operate with elevated privileges. Readers can check on the updates by clicking on “Security: Check for Updates” in the Windows Control Panel.
Adobe Reader & Acrobat: Adobe has released updates for Reader and Acrobat to address upwards of 25 vulnerabilities. These vulnerabilities would allow a cyber criminal to take control of a user’s computer. These vulnerabilities affect the following software versions:
At this time, updates are available only for the Windows platform. Adobe indicates that it plans to release updates for Macintosh and Unix the week of February 28, 2011. Reader and Acrobat are updated from within the applications themselves. Information from Adobe is available here.
Adobe Flash 10.2.152.26: Adobe has updated its Flash Player to address multiple vulnerabilities in Adobe Flash Player 10.1.102.64 and earlier versions for Windows, Macintosh, Linux, and Solaris. These vulnerabilities would allow a cyber criminal to take control of a user’s computer. The update is available here.
RealPlayer 14.0.2: RealNetworks has released security updates to address a vulnerability affecting Windows RealPlayer versions 14.0.1 and earlier (along with RealPlayer Enterprise versions 2.1.4 and earlier). Exploitation of this vulnerability may allow an attacker to execute arbitrary code in the context of the browser. This vulnerability would allow a cyber criminal to take control of a user’s computer. The update is available here.
Google Chrome 9.0.597.95: Google has updated its Chrome browser to address multiple vulnerabilities that would allow a cyber criminal to take control of a user’s computer. The update is available here.
WordPress Version 3.0.5: WordPress has released WordPress 3.0.5 to address multiple vulnerabilities. These vulnerabilities would allow a cyber criminal to obtain sensitive information in back-end databases. Readers whose web site runs on the popular WordPress platform should alert their webmasters to upgrade. More information is available from WordPress here.
Important Vulnerabilities.
Sun Java: A vulnerability has been reported in Java, which can be exploited by malicious people to cause a denial-of-service (DoS) condition. While no patch is currently available, a technical fix for this problem is provided by Oracle’s FPUpdater Tool, available here. The vulnerability is reported in the following products:
Microsoft Office: Several new critical vulnerabilities have been found in Microsoft products including Office, Excel, and PowerPoint. Both Office 2003 and Office 2007 versions are affected. No patches are available at this time.
HTC Mobile Devices: An unpatched security issue in multiple HTC products has been discovered which can be exploited by malicious people to disclose potentially sensitive information. The issue is in the default Twitter application (Peep) running on the following HTC devices:
If you are responsible for keeping your computer secure, our weekly report is for you. We strongly urge you to take action to keep your workstation secure.
If someone else is responsible for keeping your computer secure, protect it by forwarding our Weekend Vulnerability and Patch Report to them and following up to make sure your computer has been patched.
Vulnerability management is a key element of cyber security management. Cyber criminals take over user computers by writing computer programs that “exploit” vulnerabilities in operating systems (Windows, Apple OS, etc.) and application programs (Adobe Acrobat, Office, Flash, Java, etc.). When software companies find a vulnerability, they will issue an update patch to fix the code running on their customers’ computers.
The Weekend Vulnerability and Patch Report is intended to raise user awareness of cyber security challenges by alerting users to some of the week’s important updates and newly discovered vulnerabilities. It is not intended to be a thorough listing of these.