Patch Management News, Articles and Updates
The software giant said one of the seven bulletins addresses critical vulnerabilities in Word.
Next week's monthly patch batch from Microsoft is not very burdensome, but it includes a new requirement that certificates must contain RSA key lengths of more than 1,024 bits.
Apple has released Java updates to patch vulnerabilities in Mac OS X Lion, Mountain Lion and Snow Leopard.
Patch alert: In a rare, if not unprecedented, move, Oracle on Thursday issued an out-of-cycle patch for gaping holes in Java 7 that have been widely exploited to spread malware.
In light of the fast-spreading Java 7 exploit, Mozilla has become the first browser maker to suggest users disable Java functionality.
A new Java exploit is expected to become more widespread now that proof-of-concept code has been published. Oracle isn't scheduled to update Java until October.
In a report released this week, the federal Government Accountability Office (GAO) found that the EPA, which just announced a server breach resulting in the personal information compromise of 7,800 people, is falling short in several areas.
Microsoft plugged 26 vulnerabilities, and Adobe shored up 26 of its own as part of a monster Patch Tuesday. Each company is grappling with an active exploit as well.
Microsoft is prepping fixes for 10 vulnerabilities, with researchers expecting the highest-priority fixes to involve issues in Internet Explorer and Exchange.
WordPress is a common vector of attack because many fail to install the blogging platform's latest patches.
Oracle on Tuesday is planning to release 88 patches to address vulnerabilities across a wide range of the company's products, according to an announcement.
In addition to 15 other vulnerabilities, Microsoft plugged a gaping Core XML Services hole that was being used in active exploits being foisted through Internet Explorer.
Microsoft's monthly security update will comprise nine fixes to address 16 vulnerabilities, but it is unclear if a zero-day vulnerability in XML Core Services, which is under active exploit, will be remediated.
VMware addressed flaws that enable attackers to carry out malicious activity.
Traditionally, Apple has taken some time to release updates for its own version of third-party software. But that may be changing if Tuesday's concurrent patches for Java are any guide.
Separate from the patches it released, Microsoft on Tuesday warned of attacks underway that are targeting a zero-day vulnerability residing in XML Core Services, according to an advisory.
As part of its regularly scheduled patch release, Microsoft issued fixes for gaping vulnerabilities in Internet Explorer and Remote Desktop Protocol. The software giant also released a new feature that, in the wake of the Flame virus, enables certificates to be automatically updated.
Adobe on Friday released a new version of its popular Flash Player to patch seven vulnerabilities, according to a bulletin.
The fixes are set to address 25 vulnerabilities, covering Windows, Internet Explorer, Visual Basic for Applications, Dynamics AX and the .NET Framework.
Thirteen security vulnerabilities were fixed this week when Mozilla released Firefox 13.
Apple and Adobe this week released patches for vulnerabilities that could enable attackers to execute malicious code.
Just when you thought all of the windows that control system recon trojan Duqu used to propagate had been roped off, the software giant releases a new set of fixes.
A difficult-to-find vulnerability, disclosed in March at Google's inaugural hacker competition, was among the iOS fixes.
Microsoft on Tuesday plans to dispense seven patches to correct 23 security vulnerabilities.
Adobe on Friday issued an emergency patch for a critical bug in its Flash Player software that is being used in targeted malware attacks.
The leak of details regarding a major Windows bug, which resulted in the removal of DPTech Technologies as a trusted Microsoft partner, calls into question how impervious a vulnerability sharing program can be.
Oracle on Monday urged customers to apply a number of technical measures so organizations can avoid falling victim to a zero-day vulnerability for which proof-of-concept code has been posted.
A security researcher who reported a vulnerability in the popular Oracle database product said Thursday that his discovery was never patched and remains wide open to attack.
Firefox's update includes a new auto-update capability, while Opera's new release contains functionality to prevent the tracking of online users by websites.
Apple has released a third update related to Flashback, but this time, the patch comes with a detection and removal capability for the prolific trojan, and disables Java by default.