Archive for the 'patch' Category

Adobe Patches (May-2013)

Published May 15, 2013 Adobe , patch , Patch_Tuesday , security Leave a Comment

Adobe has released one patch for this month’s Patch Tuesday

Bulletin Description Severity Impact Software
APSB13-13 Security updates available for Cold Fusion Remote Code Execution Critical Adobe Cold Fusion
APSB13-14 Security updates available for Adobe Flash Player Remote Code Execution Critical Adobe Flash Player, Adobe AIR
APSB13-15 Security updates available for Adobe Reader and Acrobat Remote Code Execution Critical Adobe Reader and Acrobat
LINKS:
[1.] Adobe Security Bulletins Posted (2013-May-14) [Adobe PSIRT Blog]
[2.] Adobe – Security bulletins and advisories (2013-May-14) [Adobe]
[3] Adobe May 2013 Black Tuesday Overview (2013-May-14) [SANS]

Firefox 21.0

Published May 15, 2013 firefox , patch , Patch_Tuesday , security Leave a Comment

Firefox v.21.0 was offered to release channel users on May 14, 2013

FF21

Fixed in Firefox 21.0 [4]
MFSA 2013-48 Memory corruption found using Address Sanitizer
MFSA 2013-47 Uninitialized functions in DOMSVGZoomEvent
MFSA 2013-46 Use-after-free with video and onresize event
MFSA 2013-45 Mozilla Updater fails to update some Windows Registry entries
MFSA 2013-44 Local privilege escalation through Mozilla Maintenance Service
MFSA 2013-43 File input control has access to full path
MFSA 2013-42 Privileged access for content level constructor
MFSA 2013-41 Miscellaneous memory safety hazards (rv:21.0 / rv:17.0.6)

Vulnerability ratings: 3 Critical, 3 High , 1 Moderate
Evaluation: Test and update.

LINKS:
[1] Firefox Updated: Firefox 21.0 (2013-May-14) [Mozilla]
[2] Firefox features [Mozilla]
[3] Mozilla Firefox 21.0 Release Notes (2013-May-14) [Mozilla]
[4] Security Advisories for Firefox [Mozilla]

Patch Tuesday Wednesday (May-2013)

Published May 15, 2013 microsoft , patch , Patch_Tuesday , security Leave a Comment

This month Microsoft have released ten (10) security bulletins of which two (2) have a maximum rating of Critical, and eight (8) have a maximum rating of Important.

Today, we are releasing 10 bulletins, addressing 33 vulnerabilities in Microsoft products. Before we get into the details, we wanted to first let our enterprise customers know about a change in how we’re communicating technical details within our security advisories. Starting today, customers will be able to clearly identify key security updates within advisories. For further details, please visit Knowledge Base article 2849195.
Let’s talk about the updates that we released today. Ten bulletins were released, two Critical and eight Important, addressing 33 vulnerabilities in Internet Explorer, Microsoft Windows, Microsoft Office, Server and Tools, and .NET Framework. For those who need to prioritize deployment, we recommend focusing on MS13-037, MS13-038 and MS13-039 first. As always, customers should deploy all security updates as soon as possible. [1]

Bulletin KB number Description Severity Impact Software
MS13-037 2829530 Cumulative Security Update for Internet Explorer Remote Code Execution Critical Microsoft Windows, Internet Explorer
MS13-038 2847204 Security Update for Internet Explorer Remote Code Execution Critical Microsoft Windows, Internet Explorer
MS13-039 2829254 Vulnerability in HTTP.sys Could Allow Denial of Service Denial of Service Important Microsoft Windows
MS13-040 2836440 Vulnerabilities in .NET Framework Could Allow Spoofing Spoofing Important Microsoft Windows, Microsoft .NET Framework
MS13-041 2834695 Vulnerability in Lync Could Allow Remote Code Execution Remote Code Execution Important Microsoft Lync
MS13-042 2830397 Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution Remote Code Execution Important Microsoft Office
MS13-043 2830399 Vulnerability in Microsoft Word Could Allow Remote Code Execution Remote Code Execution Important Microsoft Office
MS13-044 2834692 Vulnerability in Microsoft Visio Could Allow Information Disclosure Information Disclosure Important Microsoft Office
MS13-045 2813707 Vulnerability in Windows Essentials Could Allow Information Disclosure Information Disclosure Important Windows Essentials
MS13-046 2840221 Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege Elevation of Privilege Important Microsoft Windows

PATCH NOW:
* MS13-038 (Microsoft Internet Explorer)

LINKS:
[1.] Microsoft Customer Protections for May 2013 (2013-May-14) [MS: MSRC]
[2.] Microsoft May 2013 Black Tuesday Overview (2013-May-14) [SANS]
[3.] Microsoft Security Bulletin Summary for May 2013 (2013-May-14) [MS]
[4.] Microsoft security updates for May 2013 (2013-May-14) [MS]

Patch Tuesday, a Heads Up. (May-2013)

Published May 10, 2013 microsoft , patch , Patch_Tuesday , security Leave a Comment

Next scheduled release: May 14th, 2012
The heads up for this month is; On Tuesday 14th May (US time; Wednesday 15th May AU time) Microsoft expect to release ten (10) new security bulletins. Two (2) bulletins carry a maximum aggregate rating of Critical, and eight (8) are rated Important.

Today we’re providing Advance Notification of 10 bulletins for release on Tuesday, May 14, 2013. This release brings two Critical and eight Important-class bulletins, which address 33 unique vulnerabilities. The Critical-rated bulletins address issues in Microsoft Windows and Internet Explorer. Of note, we are working to have the Internet Explorer Security Update address the issue described in Security Advisory 2847140, supplementing the currently available Fix it. The Important-rated bulletins address issues in Microsoft Windows, Microsoft Office, Server and Tools, and .NET Framework.
As always, we will publish the bulletins on the second Tuesday of the month, at approximately 10 a.m. PST. … [1]

LINKS:
[1] Advance Notification Service for the May 2013 Security Bulletin Release (2013-May-09) [MSRC]

Adobe Patches (Apr-2013)

Published April 10, 2013 Adobe , patch , Patch_Tuesday , security Leave a Comment

Adobe has released three updates for this month’s Patch Tuesday fixing vulnerabilities in Adobe Cold Fusion, Adobe Flash Player + Adobe AIR and Adobe Shockwave Player.

Bulletin Description Severity Impact Software
APSB13-10 Security update: Hotfix available for ColdFusion Elevation of Privilege Important Adobe ColdFusion
APSB13-11 Security updates available for Adobe Flash Remote Code Execution Critical Adobe Flash Player, Adobe AIR
APSB13-12 Security update available for Adobe Shockwave Player Remote Code Execution Critical Adobe Shockwave Player
LINKS:
[1.] Adobe Security Bulletins Posted (2013-Apr-09) [Adobe PSIRT Blog]
[2.] Adobe – Security bulletins and advisories (2013-Apr-09) [Adobe]
[3] Adobe April 2013 Black Tuesday Overview (2013-Apr-09) [SANS]

Patch Tuesday Wednesday (Apr-2013)

Published April 10, 2013 microsoft , patch , Patch_Tuesday , security Leave a Comment

Windows XP was originally released on August 24, 2001. Since that time, high-speed Internet connections and wireless networking have gone from being a rarity to the norm, and Internet usage has grown from 360 million to almost two-and-a-half billion users. Thanks to programs like Skype, we now make video calls with regularity, and social media has grown from a curiosity to a part of our everyday lives. But through it all, Windows XP keeps chugging along. With its longevity and wide user base, Windows XP has served its customers faithfully over the years, but all good things must come to an end, and Windows XP is no exception.
In just 52 shorts weeks, support for the Windows XP will come to an end. …[1]

This month Microsoft have released nine (9) security bulletins of which two (2) have a maximum rating of Critical, and seven (7) have a maximum rating of Important.

We are releasing nine bulletins, two Critical-class and seven Important-class, addressing 14 vulnerabilities in Tools Microsoft Windows, Internet Explorer, Microsoft Antimalware Client, Office, and Server Software. For those who need to prioritize deployment, we recommend focusing on MS13-028 and MS13-029 first. [1]

Bulletin KB number Description Severity Impact Software
MS13-028 2817183 Cumulative Security Update for Internet Explorer Remote Code Execution Critical Microsoft Windows, Internet Explorer
MS13-029 2828223 Vulnerability in Remote Desktop Client Could Allow Remote Code Execution Remote Code Execution Critical Microsoft Windows
MS13-030 2827663 Vulnerability in SharePoint Could Allow Information Disclosure Information Disclosure Important Microsoft Office, Microsoft Server Software
MS13-031 2813170 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege Elevation of Privilege Important Microsoft Windows
MS13-032 2830914 Vulnerability in Active Directory Could Lead to Denial of Service Denial of Service Important Microsoft Windows
MS13-033 2820917 Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege Elevation of Privilege Important Microsoft Windows
MS13-034 2823482 Vulnerability in Microsoft Antimalware Client Could Allow Elevation of Privilege Elevation of Privilege Important Microsoft Security Software
MS13-035 2821818 Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege Elevation of Privilege Important Microsoft Office, Microsoft Server Software
MS13-036 2829996 Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege Elevation of Privilege Important Microsoft Windows

PATCH NOW:
* MS13-028 (Microsoft Internet Explorer)
* MS13-029 (Windows Remote Desktop Client)

Patch Tuesday, a Heads Up. (Apr-2013)

Published April 9, 2013 microsoft , patch , Patch_Tuesday , security Leave a Comment

Next scheduled release: April 09th, 2012
The heads up for this month is; On Tuesday 09th April (US time; Wednesday 10th April AU time) Microsoft expect to release nine (9) new security bulletins. Two (2) bulletins carry a maximum aggregate rating of Critical, and seven (7) are rated Important.

In celebration of spring’s onset, today we’re providing advance notification for the April 2013 release of nine bulletins; two Critical and seven Important. The Critical bulletins address vulnerabilities in Microsoft Windows and Internet Explorer, and the seven Important-rated bulletins will address issues in Microsoft Windows, Office, Antimalware Software, and Server Software. [1]

LINKS:
[1] Advance Notification Service for the April 2013 Security Bulletin Release (2013-Apr-04) [MSRC]

Firefox 20.0

Published April 3, 2013 firefox , patch , security Leave a Comment

Firefox v.20.0 was offered to release channel users on April 02, 2013

FF20

Fixed in Firefox 20.0 [4]
MFSA 2013-40 Out-of-bounds array read in CERT_DecodeCertPackage
MFSA 2013-39 Memory corruption while rendering grayscale PNG images
MFSA 2013-38 Cross-site scripting (XSS) using timed history navigations
MFSA 2013-37 Bypass of tab-modal dialog origin disclosure
MFSA 2013-36 Bypass of SOW protections allows cloning of protected nodes
MFSA 2013-35 WebGL crash with Mesa graphics driver on Linux
MFSA 2013-34 Privilege escalation through Mozilla Updater
MFSA 2013-33 World read and write access to app_tmp directory on Android
MFSA 2013-32 Privilege escalation through Mozilla Maintenance Service
MFSA 2013-31 Out-of-bounds write in Cairo library
MFSA 2013-30 Miscellaneous memory safety hazards (rv:20.0 / rv:17.0.5)

Vulnerability ratings: 3 Critical, 4 High , 4 Moderate
Evaluation: There’s a fair number of changes in this update; test and update.

This update breaks the WordPress.com HTML5 audio plugin; no player and shows as Download :(

LINKS:
[1] Firefox Updated: Firefox 20.0 (2013-Apr-02) [Mozilla]
[2] Firefox features [Mozilla]
[3] Mozilla Firefox 20.0 Release Notes (2013-Apr-02) [Mozilla]
[4] Security Advisories for Firefox [Mozilla]

iOS 6.1.3

Published March 22, 2013 apple , patch , security Leave a Comment
Tags: ,

ios 6-1-3

iOS 6.1.3
This update contains improvements and bug fixes, including:
* Fixes a bug that could allow someone to bypass the passcode and access the Phone app
* Improvements to Maps in Japan

Apple has released iOS 6.1.3 with the biggest issue being the Passcode Lock bypass;

Impact: A person with physical access to the device may be able to bypass the screen lock
Description: A logic issue existed in the handling of emergency calls from the lock screen. This issue was addressed through improved lock state management.

VERDICT: Update now

LINKS:
[1] iOS 6.1.3 Software Update DL1646 (2013-Mar-19) [Apple]
[2] About the security content of iOS 6.1.3 HT5704 (2013-Mar-19) [Apple]

Adobe Patches (Mar-2013)

Published March 13, 2013 Adobe , patch , Patch_Tuesday , security Leave a Comment

Adobe has released one patch for this month’s Patch Tuesday fixing four vulnerabilities in Adobe Flash Player and Adobe AIR.

Bulletin Description Severity Impact Software
APSB13-09 Security updates available for Adobe Flash Player Remote Code Execution Critical Adobe Flash Player, Adobe AIR
LINKS:
[1.] Security updates available for Adobe Flash Player (APSB13-09) (2013-Mar-12) [Adobe PSIRT Blog]
[2.] Adobe – Security bulletins and advisories (2013-Mar-12) [Adobe]
[3] Adobe March 2013 Black Tueday (2013-Mar-12) [SANS]
May 2013
M T W T F S S
« Apr    
 12345
6789101112
13141516171819
20212223242526
2728293031  

Categories

License

Creative Commons License
This work is licensed under a Creative Commons Attribution-Share Alike 2.5 Australia License.

del.icio.us

Flickr Photos

LaserForce

Birthday Dragon

Birthday Dragon

Birthday Dragon

Birthday Dragon

New Bow

Day 10 | stars | #FMSphotoadayMAY 2013

2013 Mother's Day Classic

More Photos

Twittering

Cluster Map

Locations of visitors to this page
hacker emblem
Follow

Get every new post delivered to your Inbox.

Join 27 other followers