Security researchers today warned of a significant worm attack exploiting an old target - a privilege-escalation flaw in Symantec's Client Security and AntiVirus Corporate Edition solution that was patched in May.
Sun has patched for several vulnerabilities in its Java System Identity Manager. Rated "highly critical" by vulnerability tracking service Secunia, the flaws impact versions 7 and 8. The bugs could be exploited to allow for security bypass, cross-site scripting, data manipulation, information exposure, privilegeescalation and system access, according to Secunia. Sun advised users to install the pertinent patches, which were distributed Monday. — DK
Microsoft is investigating "an installation issue" stemming from one of the patches it released on Tuesday, said Jerry Bryant, senior security communications manager at Microsoft. Attempting to install the fix reportedly can result in users getting the so-called blue screen of death when they attempt to restart. The potentially broken patch reportedly is bulletin MS10-015, which repairs privilege-escalation vulnerabilities in the Windows kernel. — DK