Patch Management

Security vendors can no longer ignore patch management

Scott Hagenus, VP, strategic relationships, GFI Software • February 03, 2012

While AV software derails a lot of potentially harmful attacks, it is only one component of a comprehensive security solution.
 

Adobe patches Reader bugs, releases new JavaScript feature

January 10, 2012

Adobe joined Microsoft with software updates on Tuesday for Reader and Acrobat. In addition, the PDF software company released a new capability that allows JavaScript to run based on document trust.
 

Microsoft issues seven security patches, BEAST fix included

January 10, 2012

While Tuesday's security update only contains one fix for a "critical" issue, it addresses a number of issues that could lead to malware infestations.
 

Adobe to release quarterly updates to address critical bugs

January 06, 2012

Adobe announced Friday that it intends to release its quarterly updates next week.
 

Microsoft preps seven security patches

January 05, 2012

The security update, which plans to address eight vulnerabilities, will include one "critical" fix.
 

Microsoft delivers rare out-of-band patch for ASP.NET issue

December 29, 2011

Some Microsoft engineers likely spent the holidays prepping a patch for a dangerous denial-of-service vulnerability affecting the .NET Framework.
 

Mozilla fixes crash issue after new Firefox version issued

December 22, 2011

One day after releasing version 9 of its Firefox web browser, Mozilla on Wednesday issued Firefox 9.0.1 to address an issue that caused Windows, Mac and Linux users' browsers to crash.
 

Out-of-band fix for Adobe Reader security issue coming Friday

December 15, 2011

An out-of-cycle patch is coming to fix a flaw in Adobe Reader and Acrobat 9 for Windows.
 

Chrome 16 includes 15 vulnerability fixes

December 14, 2011

Google on Tuesday released Chrome 16, which includes fixes for 15 security vulnerabilities.
 

"Critical" Microsoft security bugs at lowest level since 2005

December 14, 2011

Microsoft officials credit more robust software security design with a diminished number of bugs garnering the tech giant's most severe rating.
 

Oracle updates Java, Adobe patches ColdFusion

December 13, 2011

An update from Oracle clears up, among other vulnerabilities, an issue that caused Java 6 Update 29 to break SSL connectivity. Meanwhile, Adobe offered a fix for its ColdFusion development platform.
 

Three "critical" patches to be in Microsoft security update

December 08, 2011

Microsoft on Tuesday is scheduled to release 14 patches to fix 20 vulnerabilities across its product line.
 

Microsoft to make updates less disruptive, more predictable

November 15, 2011

In an effort to smooth the patching process for users, Microsoft plans to improve its updating mechanism in Windows 8, due out next year.
 

Video: The Android problem

November 15, 2011

In this interview, Harry Sverdlove, CTO of Bit9, describes to SC Magazine Executive Editor Dan Kaplan what the bring-your-own-device revolution means for organizations, and how they should best address the threat posed by endpoints such as the Android.
 

Apple issues iTunes update to close man-in-the-middle hole

November 14, 2011

Apple on Monday released an updated version of its iTunes program to close a vulnerability that could lead to a man-in-the-middle attack.
 

Firefox updates for security, user add-on control

November 09, 2011

Mozilla joined Microsoft and Adobe with security software updates on Tuesday.
 

Adobe releases critical Shockwave Player security update

November 08, 2011

The flaws corrected by an Adobe Shockwave Player update could allow an attacker to run malicious code on an affected system.
 

Apple pushes QuickTime update

October 27, 2011

Apple has released an update for its QuickTime software to close 12 vulnerabilities. Version 7.7.1 includes 10 fixes for flaws that, if exploited, could lead to arbitrary code execution. Most of the bugs involve memory or buffer overflow issues, whereby viewing a malicious movie file could result in an exploit. The update is available for Windows 7, Vista, XP and later versions.
 

Australian gov't wins U.S. security award from SANS

Darren Pauli, editor, SC Magazine, Australia/New Zealand October 27, 2011

An Australian government agency that instituted patching, whitelisting and account control as the foundation of its targeted attack defense took home a U.S. award from the SANS Institute.
 

HTC working with carriers to push Android bug fix

October 26, 2011

Users of HTC-made Android devices are receiving software security updates to correct a vulnerability that could be exploited by a third party to steal personal information.
 

Google closes 18 Chrome holes

October 25, 2011

Google on Tuesday pushed out a new version of its Chrome web browser to rectify 18 vulnerabilities, including 11 that are deemed "high" in severity. Version 15, part of the "stable" channel of Chrome, also includes protection against Browser Exploit Against SSL/TLS (BEAST), a JavaScript hacking tool disclosed last month at a security conference in Argentina that can decrypt HTTPS requests and encrypted cookies. Microsoft has since issued an advisory that acknowledges the issue, along with a Fix-It solution. Meanwhile, researchers who disclosed the flaws in Chrome received more than $26,000 combined for their finds as part of Google's bug bounty program.
 

Apple releases OS X, iOS, Safari updates

October 13, 2011

Apple on Wednesday issued much-anticipated updates for its Mac OS X and iOS mobile operating system, adding support for its new iCloud service, and fixing a bevy of security flaws.
 

Apple releases mammoth iTunes update

October 11, 2011

Apple on Tuesday released an update to its iTunes software to repair a whopping 79 vulnerabilities. Most of the flaws are memory corruption issues found in WebKit, an open source web browser engine that helps render the iTunes Store. In the case of those bugs, adversaries could launch a man-in-the-middle attack while a user browses the store, which may lead to malicious code execution. The other holes patched by upgrading to iTunes 10.5 lie in CoreFoundation, ColorSync, CoreAudio, CoreMedia and ImageIO.
 

Google patches Chrome holes, pays $10,000

Darren Pauli, SC Australia/New Zealand edition October 05, 2011

Google this week fixed seven vulnerabilities in the Chrome web browser, and paid $10,000 to researchers who reported them. Researcher Sergey Glazunov scored $8,000 for reporting five Chrome bugs, including $4,500 for three use-after-free bugs in V8 bindings. Glazunov has dominated Google's Chromium security hall of fame, which pays researchers for reporting bugs in the Chrome browser.
 

HTC confirms hole in its Android phones

October 04, 2011

HTC plans to release a patch after a "short" testing period, the company said Tuesday.
 

Oracle patches "Apache Killer" flaw in HTTP Server

September 16, 2011

A vulnerability could allow attackers to crash Oracle HTTP Server products based on Apache 2.0 or 2.2.
 

Microsoft, Adobe release scheduled security patches

September 13, 2011

Microsoft released five important bulletins addressing 15 flaws, along with an update revoking six more DigiNotar certificates, while Adobe issued critical updates for Reader and Acrobat.
 

Oops: Microsoft errantly releases patch details four days early

September 09, 2011

Microsoft on Friday accidentally posted details about Tuesday's scheduled security update. The software giant removed the five "important" bulletins, but not before organizations such as the SANS Internet Storm Center posted a summary of the patches. According to the group, six of the vulnerabilities being patched are in SharePoint, five in Excel, two in Office and one each in Windows and the Windows Internet Name Service (WINS). The Windows, Excel and Office flaws could lead to remote code execution. However, Microsoft has said none of the five patches earned the software giant's most severe designation of "critical." In a tweet, the Microsoft Security Response Center said it has since removed the content about the patches.
 

Microsoft, Adobe announce forthcoming patches

September 08, 2011

Microsoft is readying five "important" security bulletins for Windows and Office, while Adobe plans to release critical updates for Reader and Acrobat.
 

Microsoft prepping 13 patches for 22 flaws

August 04, 2011

The software giant's monthly security update will include fixes for bugs in all versions of Internet Explorer.