The biggies are two vulnerabilities in Internet Explorer and a single weakness in Remote Desktop Connection.
April 04, 2013
The software giant expects to distribute eight other fixes to correct vulnerabilities in Windows, Office, Server Software and Security Software.
The vulnerability allows anyone with "casual physical access, such as a custodian sweeping your office at night or a security guard making his rounds" to plug in a USB device and become an administrator, according to Microsoft.
They address flaws in Internet Explorer (IE), Windows, Office, Server Software and Silverlight.
Adobe this week released an update to its Flash Player to close three vulnerabilities, two of which are under active attack.
Adobe on Wednesday made available a security update to its Reader and Acrobat software to close two vulnerabilities that are under active attack.
One security bulletin fixes 13 flaws that could allow an attack to remotely execute code in several versions of IE.
The software company has updated its ubiquitous Flash software because of two pressing zero-day vulnerabilities.
The software giant expects to release a dozen patches on Tuesday, but all eyes are on two bulletins that address security flaws in Internet Explorer.
Milton Smith, Java's security lead, said Oracle will focus on browser-based Java attacks, the largest threat for users.
Oracle on Tuesday shipped its quarterly security update to close 86 vulnerabilities across its product line.
Responding to a widening outbreak of Java malware, Oracle on Sunday dispensed an urgent fix for the latest version of the software platform.
The software giant is taking the rare step of issuing an out-of-cycle patch for a dangerous IE bug that is being used in ongoing spy attacks.
January 09, 2013
A majority of the bugs patched in the latest version of Mozilla's web browser were deemed "critical."
But a researcher said the fix is not adequate and can be evaded by tweaking the malicious code. Meanwhile, it's unclear if the bug is related to a wave of Yahoo account takeovers affecting users in recent days.
Adobe also plans to patch its Reader and Acrobat products on Tuesday.
January 02, 2013
This month's news briefs include President Obama issuing guidance for the information security threat posed by insiders, charges in Butterfly botnet case and hack of AT&T website, and other security news.
Stretched across websites, carefully placed beside content and at times popping out of nowhere to steal one's attention, we can run from online advertisements, but we certainly can't hide.
December 26, 2012
When you consider how many stakeholders are invested in Microsoft's Patch Tuesday, it's no wonder the monthly affair stirs up so much energy in the cyber world.
IT administrators will scramble amid the holiday chaos to update their systems with the latest patches. So far, no exploits have been seen, but that could change now that the fixes are out.
Microsoft next week is scheduled to release seven patches to cover 11 security vulnerabilities, the software giant announced Thursday.
Mozilla has packaged fixes for nearly 30 security vulnerabilities into the latest version of its web browser, Firefox 17.
First divulged in a Russian online community, a Skype password reset vulnerability could have given attackers the ability to run amuck in users' Skype accounts.
Microsoft deemed two of the four "critical" patches to be the highest priority. One provides a cumulative update for Internet Explorer 9, the other addresses three TrueType font vulnerabilities.
Microsoft released an advanced notification highlighting six fixes that will be a part of their Patch Tuesday cycle.
The scheduled patch addresses seven "critical" flaws that could allow attackers to take over affected systems.
Adobe on Monday released a security update for its popular Flash software. Shortly after, Microsoft issued fixes for the same vulnerabilities for users running Flash in the forthcoming Internet Explorer 10.
Microsoft is set to release an update to repair five flaws, including a new zero-day vulnerability.
Experts said the light patch load addresses issues that aren't considered high-risk, but the monthly update from Microsoft also includes a new requirement that encryption algorithms on RSA certificates meet a certain key length.
Security firm Security Explorations discovered the new vulnerability, which, when combined with other still-unpatched weaknesses in Java, could allow for a complete bypass of the Java Virtual Machine sandbox in the environment of the latest Java SE software.
