Patches

Microsoft fixes three "critical" flaws with Patch Tuesday release

By

The biggies are two vulnerabilities in Internet Explorer and a single weakness in Remote Desktop Connection.

April's Patch Tuesday from Microsoft includes another Internet Explorer patch

April's Patch Tuesday from Microsoft includes another Internet Explorer patch By

The software giant expects to distribute eight other fixes to correct vulnerabilities in Windows, Office, Server Software and Security Software.

Microsoft pushes seven patches, including fix for "evil maid"-style attack

By

The vulnerability allows anyone with "casual physical access, such as a custodian sweeping your office at night or a security guard making his rounds" to plug in a USB device and become an administrator, according to Microsoft.

Microsoft schedules seven security patches for monthly Patch Tuesday

By

They address flaws in Internet Explorer (IE), Windows, Office, Server Software and Silverlight.

Adobe hurries update to fix Flash zero-day vulnerabilities

By

Adobe this week released an update to its Flash Player to close three vulnerabilities, two of which are under active attack.

Adobe patches against PDF exploits that overran sandbox

By

Adobe on Wednesday made available a security update to its Reader and Acrobat software to close two vulnerabilities that are under active attack.

Microsoft patch fixes critical IE flaws

By

One security bulletin fixes 13 flaws that could allow an attack to remotely execute code in several versions of IE.

Adobe updates Flash to address targeted exploits

By

The software company has updated its ubiquitous Flash software because of two pressing zero-day vulnerabilities.

Microsoft to plug 57 security holes next week

By

The software giant expects to release a dozen patches on Tuesday, but all eyes are on two bulletins that address security flaws in Internet Explorer.

Oracle speaks, promises to get Java "fixed up"

By

Milton Smith, Java's security lead, said Oracle will focus on browser-based Java attacks, the largest threat for users.

Oracle quarterly update offers 86 security fixes

By

Oracle on Tuesday shipped its quarterly security update to close 86 vulnerabilities across its product line.

As exploits climb, Oracle patches Java 7

By

Responding to a widening outbreak of Java malware, Oracle on Sunday dispensed an urgent fix for the latest version of the software platform.

Microsoft rushes fix for Internet Explorer vulnerability

By

The software giant is taking the rare step of issuing an out-of-cycle patch for a dangerous IE bug that is being used in ongoing spy attacks.

Firefox 18 includes security fixes, app features Safe Browsing

Firefox 18 includes security fixes, app features Safe Browsing By

A majority of the bugs patched in the latest version of Mozilla's web browser were deemed "critical."

Yahoo patches XSS flaw affecting mail users

By

But a researcher said the fix is not adequate and can be evaded by tweaking the malicious code. Meanwhile, it's unclear if the bug is related to a wave of Yahoo account takeovers affecting users in recent days.

Adobe preps ColdFusion update to deter active exploits

By

Adobe also plans to patch its Reader and Acrobat products on Tuesday.

News briefs: The latest security events

News briefs: The latest security events By

This month's news briefs include President Obama issuing guidance for the information security threat posed by insiders, charges in Butterfly botnet case and hack of AT&T website, and other security news.

2 minutes on: Will ad blockers be regulated?

By

Stretched across websites, carefully placed beside content and at times popping out of nowhere to steal one's attention, we can run from online advertisements, but we certainly can't hide.

The ghosts of Microsoft: Patch, present and future

The ghosts of Microsoft: Patch, present and future

When you consider how many stakeholders are invested in Microsoft's Patch Tuesday, it's no wonder the monthly affair stirs up so much energy in the cyber world.

Microsoft, Adobe patch a range of vulnerabilities

By

IT administrators will scramble amid the holiday chaos to update their systems with the latest patches. So far, no exploits have been seen, but that could change now that the fixes are out.

Security fixes for Internet Explorer, Exchange coming Tuesday

By

Microsoft next week is scheduled to release seven patches to cover 11 security vulnerabilities, the software giant announced Thursday.

Firefox 17 includes security fixes, Social API debut

By

Mozilla has packaged fixes for nearly 30 security vulnerabilities into the latest version of its web browser, Firefox 17.

Skype dispatches swift fix for password reset flaw

By

First divulged in a Russian online community, a Skype password reset vulnerability could have given attackers the ability to run amuck in users' Skype accounts.

Microsoft drops IE, Windows fixes on Patch Tuesday

By

Microsoft deemed two of the four "critical" patches to be the highest priority. One provides a cumulative update for Internet Explorer 9, the other addresses three TrueType font vulnerabilities.

Microsoft to patch 19 vulnerabilities on Tuesday

By

Microsoft released an advanced notification highlighting six fixes that will be a part of their Patch Tuesday cycle.

Adobe releases updates for Flash Player, AIR

By

The scheduled patch addresses seven "critical" flaws that could allow attackers to take over affected systems.

Adobe doles out Flash security fixes, Microsoft follows

By

Adobe on Monday released a security update for its popular Flash software. Shortly after, Microsoft issued fixes for the same vulnerabilities for users running Flash in the forthcoming Internet Explorer 10.

Microsoft to release out-of-cycle patch for "critical" flaws

By

Microsoft is set to release an update to repair five flaws, including a new zero-day vulnerability.

Microsoft pushes two patches and new cert requirement

By

Experts said the light patch load addresses issues that aren't considered high-risk, but the monthly update from Microsoft also includes a new requirement that encryption algorithms on RSA certificates meet a certain key length.

Researchers: Oracle will address new Java flaw next month

By

Security firm Security Explorations discovered the new vulnerability, which, when combined with other still-unpatched weaknesses in Java, could allow for a complete bypass of the Java Virtual Machine sandbox in the environment of the latest Java SE software.

Sign up for our newsletters

POLL