Don’t forget about the non-Microsoft vuls | SC Media

Don’t forget about the non-Microsoft vuls

May 3, 2007
The eyes of the patching world are focused on the bustling metropolis of Redmond, Wash. tonight, as Microsoft announced seven patches will be released next Tuesday.

So let’s not forget about the other vulnerabilities out there.

Apple patched the much debated QuickTime flaw on Monday. Thomas Ptacek had breaking analysis on the release, and he breaks down the vulnerability to the point where even a novice like myself can understand it. In the comments section, an interesting point is brought up as well: Apple’s advisory says the flaw is patched for QuickTime on XP and OS X, but not Windows Vista. Why not?

And let’s not forget about Cisco, which advised users on two flaws of its own in PIX and ASA that can allow authentication bypass and DoS attacks.

Meanwhile, most vendors disagree with the concept of Month of _____ Bugs projects, but that hasn’t stopped them from popping up. The latest is the Month of ActiveX bugs project. Go to the MoAxB blog to follow all the action live.
prestitial ad