Internet Explorer 0-day (take 2 of the last few days…)

September 20th, 2006

The last zero-day (ActiveX) seems to be less interesting than this NEW zero-day that really made a news splash in the last day. It looks as though this NEW 0-day affects VML. Incidents.org has good coverage here. Microsoft has an advisory up, and they expect to release a patch on the next scheduled patch day (earlier if needed… ahem…). Sunbelt is blogging about the “epic loads of adware” being pushed into systems via this vulnerability. Now, some workarounds…


Internet Explorer zero-day

September 15th, 2006

This time around, the zero-day is related to Internet Explorer and ActiveX (DirectAnimation specifically). Incidents has a good update on the issue. This is a second exploit; there was another at the end of August. MS has an advisory on the issue. I think a safe bet would be alternative browsers until this is patched. It is possible, though, to enable a kill bit, or vary security settings to disable/always prompt before using ActiveX.


Firefox and Thunderbird updates

September 15th, 2006

As I’ve just posted to the security-update-notice category, Firefox and Thunderbird have both been released in version 1.5.0.7. The release fixes a number of known security issues, and you should upgrade as soon as possible. Details on the issues are at incidents.org. Also, you can visit mozilla.com for downloads.


Mozilla Thunderbird 1.5.0.7

September 15th, 2006

Multiple security updates (release notes).

download


Mozilla Firefox 1.5.0.7

September 15th, 2006

Multiple security updates (release notes).

download


Apple QuickTime 7.1.3

September 13th, 2006

QuickTime multiple vulnerabilities (Mac/Windows)…

download page


Adobe Flash Player 9.0.16.0

September 13th, 2006

Flash Player: multiple security vulnerabilities in all versions prior to (and including) 8.0.24.0 (details).
Update to 9.0.16.0 (or 8.0.33.0, 7.0.68.0, or 7.0.66.0, per the advisory).

Download page.


Microsoft Windows and Office updates (September 2006)

September 13th, 2006

Several security issues (September 2006 patch day). Several previous patches re-released. Details.

(Updated to correct year – 2006, not 2007.)

update.microsoft.com


Microsoft Update day for September…. AND Flash… AND Apple

September 13th, 2006

Yesterday, of course, Microsoft released its monthly patches. I found the Windows update site to be painfully slow (and in some cases unresponsive). It wasn’t quite a huge update day by recent standards, but here’s the summary… Incidents.org has a nice chart showing the two re-released patches (one is actually re-re-released…). They are MS06-040 (server service patch – critical) and MS06-042 (IE 6 patch). Both of the vulnerabilities addressed are well known and could be actively exploited. The “first release” updates from this month affect Microsoft Queue System MS06-052, which is the most important of the releases…


ANOTHER Microsoft patch problem

September 11th, 2006

This is getting to be like clockwork, but it sounds like this may be one of the nastiest problems so far. It appears that there is a problem with one of the recent patches from Microsoft, MS06-49. It looks as though the problem is data corruption for small files (under 4096 bytes). There’s a Google Groups thread here. The key factor seems to be that IF the folder is compressed, the data within is subject to this possible corruption.
