Microsoft will deliver six security bulletins on April 10, 2012 as part of its monthly security update, the Redmond-based company said in an advance notification Thursday. The six security bulletins will, between them, address 11 vulnerabilities in Windows, Office, Internet Explorer, SQL Server, .NET Framework and Forefront Unified Access Gateway. Hit the jump for more.
Downright malicious browser plugins and add-ons are obviously a massive security risk, but make no mistake: unpatched or outdated extensions are just as big a headache. For this reason, Mozilla has a blocklist service to deal with plugins that jeopardize the security, stability, or performance of Firefox. The latest addition to the Firefox blocklist happens to be the ubiquitous Java plugin. Hit the jump for more.
Google earlier this week updated the Chrome Stable channel to 16.0.912.77 for Windows, Mac, Linux and Chrome Frame, patching four privately reported vulnerabilities in its browser. How come only four, you ask, when the headline clearly mentions five? Actually the fifth was patched a couple of weeks back, but Google mistakenly failed to include it in the release notes. Hit the jump for more.
A computer science student at Stanford University has discovered a hole in Adobe Flash that could be used by an attacker to furtively enable the victim’s camera and microphone. The vulnerability is not in Flash itself, but in the Adobe Flash Settings Manager page. More details about the vulnerability can be found after the jump.
Perhaps motivated by Duke Nukem Forever shipping after a decade-and-a-half of development and delays, Microsoft decided to finally patch a vulnerability dating back to the 1990s. Included in yesterday's Patch Tuesday bulletin bonanza is a little nugget listed as CVE-2011-1871, which according to ComputerWorld.com is a fix for the dreaded 'Ping of Death,' or at least it was dreaded some two decades ago.
Adobe has patched an “important” vulnerability in the recently released Flash Player 10.3.181.16 and all previous versions for Windows, Macintosh, Linux and Solaris, the San Jose-based company said on Sunday. It has issued a security bulletin (APSB11-13) to address the important vulnerability (CVE-2011-2107), which also affects Flash Player 10.3.185.22 and earlier versions for Android. Hit the jump for more.
Outdated browser plugins pose a considerable security threat. According to a report published earlier this year by security and compliance management company Qualys, 80 percent of all browser vulnerabilities stem from outdated plugins. The company behind the browser security analysis tool BrowserCheck, Qualys has just ranked different browser plugins based on their affinity for remaining outdated.
Adobe kicked off the week with a security advisory warning users of its Flash Player about a zero-day bug that is reportedly “being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Excel (.xls) file delivered as an email attachment.” The vulnerability has also been confirmed to affect the auth.dll component that accompanies certain versions of Reader and Acrobat X, but the company has yet to come across any exploits targeting them.
Hit the jump to find out more about the vulnerability, including when exactly Adobe hopes to have it patched.
A security researcher, known only by his nom de guerre “Cupidon-3005,” disclosed a new zero-day bug in Windows Server Message Block (SMB) on Monday. Opting for full disclosure, the security researcher posted exploit code for the vulnerability that, according to Secunia, can be exploited “to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.” Hit the jump for Microsoft’s statement acknowledging the flaw.
Microsoft had a slight breather in September after it delivered a record 14 security bulletins on Patch Tuesday in August. The company was actually preserving its energy for an even more hectic Patch Tuesday in October, which, according to the Security Bulletin Advance Notification, will include 16 updates to patch 49 vulnerabilities – a new record. Out of the 16 security bulletins, four are labeled “critical,” ten “important,” and the remaining two “moderate.” Ten of the security updates address flaws that could allow remote code execution.