Security Alerts



Apple Releases a Pile of Security Updates in October

If you use Apple products, you’ll be busy updating this month. Today, Apple released a bunch of security advisories (on their Security Update page ), informing customers of updates for many of their products. Here’s a list of security advisories for all the updated products: OS X Lion v10.7.2 and Security Update 2011-006 iTunes 10.5 Safari 5.1.1 iOS 5 Software Update Numbers for iOS v1.5 Pages for iOS v1.5 Apple TV 4.4 If you use any of the affected Apple products, you should follow the links above to learn more about the flaws these updates fix (more…)

Share
October 13, 2011 — Category: Security Alerts

Patch Day Followup: Host Integration Server and Forefront UAG Updates

As you probably noticed, yesterday was Microsoft’s Patch Day. Hopefully, you saw our alerts for the most important October security bulletins, and have already gotten a start patching them. If not, you can find our Internet Explorer and consolidated Windows alerts here: Five Windows Bulletins, One Critical Critical IE Cumulative Patch Closes Eight Code Execution Flaws However, if you follow along with Microsoft’s bulletin releases, you may have noticed we left put two bulletins.We try to restrict our major LiveSecurity alerts to products or issues that we feel are relevant to the majority of our audience (more…)

Share
October 13, 2011 — Category: Security Alerts

Five Windows Bulletins, One Critical

Bulletins Affect .NET Framework, Media Center,  Kernel-mode Drivers, and More Severity: High Summary: These vulnerabilities affect: All current versions of Windows and components that ship with it How an attacker exploits them: Multiple vectors of attack including enticing your users to malicious web sites, or into opening booby-trapped files Impact: Various results; in the worst case, an attacker can gain complete control of your Windows computer What to do: Install the appropriate Microsoft patches immediately, or let Windows Automatic Update do it for you. Exposure: Today, Microsoft released five security bulletins describing eight vulnerabilities that affect Windows and components that ship with it. Each vulnerability affects different versions of Windows to varying degrees (more…)

Share
October 11, 2011 — Category: Security Alerts

Critical IE Cumulative Patch Closes Eight Code Execution Flaws

Severity: High 11 October, 2011 Summary: This vulnerability affects: All current versions of Internet Explorer (including IE9) How an attacker exploits it: By enticing one of your users to visit a malicious web page, or click a malicious link Impact: In the worst case an attacker can execute code on your user’s computer, gaining control of it What to do: Deploy the appropriate Internet Explorer patches immediately, or let Windows Automatic Update do it for you Exposure: In a security bulletin released today as part of Patch Day, Microsoft describes eight new vulnerabilities in Internet Explorer (IE) 9.0 and earlier versions, running on all current versions of Windows (including Windows 7 and Windows Server 2008). Microsoft rates the aggregate severity of these new flaws as Critical. The eight vulnerabilities differ technically, but share the same general scope and impact (more…)

Share
October 11, 2011 — Category: Security Alerts

Microsoft Black Tuesday: Browser Related Issues Can Make Surfing Dangerous

Microsoft has released their security patches and updates for October. (more…)

Share
October 11, 2011 — Category: Security Alerts

October’s Microsoft Patch Day to Correct 23 Vulnerabilities

Before running out for the weekend, don’t forget to remind your staff of Microsoft’s upcoming Patch Day. While next week’s Black Tuesday isn’t the largest they’ve ever dropped, it’s no slouch, with eight Security Bulletins. Here’s what you should expect: Four updates for Windows and its components, all rated Important A Critical update for Internet Explorer (IE) A Critical update for the .NET Framework and Silverlight An Important patch to fix a vulnerability in Forefront Unified Access Gateway And finally, an important bulletin for Microsoft Host Integration Server You can find a bit more about these upcoming bulletins, including their order of severity, in Microsoft’s  Advanced Notification post for October (more…)

Share
October 7, 2011 — Category: Security Alerts

Reader and Acrobat Updates Correct 13 Security Flaws

Summary: This vulnerability affects : Adobe Reader and Acrobat X 10.1 and earlier, on Windows, Mac, as well as Reader 9.4.2 for  UNIX How an attacker exploits it : Typically, by enticing your users into viewing a maliciously crafted PDF document Impact : In the worst case, an attacker can execute code on your computer, potentially gaining control of it What to do : Install Adobe’s Reader and Acrobat X 10.1.1 update as soon as possible (or let Adobe’s Updater do it for you). Exposure: As part of their quarterly patch day cycle (which shares the same date as Microsoft Patch Day), Adobe released a security bulletin describing 13 security vulnerabilities (number based on CVE-ID s) that affect Adobe Reader and Acrobat X 10.1 and earlier, running on Windows and Mac, as well as Reader 9.4.2 for UNIX. (more…)

Share
September 14, 2011 — Category: Security Alerts

Windows Updates Fix WINS Issues & Insecure DLL Loading Vulnerability

Severity: Medium 12 July, 2011 Summary: These vulnerabilities affect: All current versions of Windows and components that ship with it How an attacker exploits them: Multiple vectors of attack, including sending specially crafted WINS messages and enticing users to open malicious documents Impact: Various. In the worst case, an attacker can gain control of your Windows computer What to do: Install the appropriate Microsoft patches immediately, or let Windows Automatic Update do it for you. (more…)

Share
September 13, 2011 — Category: Security Alerts

Office Document Parsing Problems Cause a Predicament

Severity: High 13 September, 2011 Summary: These vulnerabilities affect: Most current versions of Microsoft Office and its components, as well as Office SharePoint and Groove servers and products. How an attacker exploits it: Typically by enticing one of your users to open a malicious Office document Impact: In the worst case, an attacker executes code on your user’s computer, gaining complete control of it What to do: Install Microsoft Office updates as soon as possible, or let Microsoft’s automatic update do it for you Exposure: As part of today’s Patch Day, Microsoft released three security bulletins describing flaws in Office and it’s components, as well as vulnerabilities in the Office SharePoint and Groove servers and products. (more…)

Share
September 13, 2011 — Category: Security Alerts

Microsoft Black Tuesday: Updates for Mangled Office Documents and Malicious WINS Messages

Unless you’re one of the eagle-eyed viewers that caught Microsoft’s slip last Friday, today is the first day you get to see this month’s batch of MS product patches. (more…)

Share
September 13, 2011 — Category: Security Alerts