This is a little old, reported about a month ago, but I’m just getting around to patching it and Microsoft isn't. The “Insecure Library Loading Could Allow Remote Code Execution” vulnerability was announced by Microsoft back in late August in bulletin 2269637. Unfortunately Microsoft has not rolled out a patch with their normal patch rollouts. Probably because of the potential to break apps. They did publishknowledge base article 2264107 which has a workaround to the problem. Read the rest »
Microsoft Security Updates for July 2008
Microsoft has released four security bulletins for July 2008, two of which are for desktops. MS08-038 addresses a vulnerability in Windows Explorer and is for Windows Vista and carries an “important” rating. The update includes the original Vista, Vista SP1 and Vista x64. MS08-037 addresses a vulnerability in DNS and is for Windows 2000 SP4, Windows XP SP2 & SP3, and Windows XP x64 original release & SP2. it’s rated as “important”. [Updated: This patch is part of a coordinated, multi-vendor DNS patch.] These patches, and the others, also affect [...] Read the rest »
Safari 3.1.1 Released
Apple has released Safari 3.1.1 for both OS X and Windows. I installed it on my two Leopard Macs without a problem through Apple’s Software Update and a reboot was required. It’s also available as a standalone download. The update includes four security fixes (two are Windows only). One of the patches plugs the vulnerability that won the PWN to OWN contest at CanSecWest. There’s also the standard …improvements to stability, compatibility… The reboot displayed a blank blue screen for a nerve-racking length of time but was otherwise uneventful. [Updated [...] Read the rest »
Microsoft Security Bulletins for April 2008
Another "Super Tuesday" patched this week but I just got around to firing up my Windows VM’s today (actually it’s been about 12 days since I’ve been in Windows). There were ten updates waiting for me on Windows Vista and eight on Windows XP Home, although not all were security related. This month’s updates included: KB945553 (MS08-020) – Vulnerability in DNS client could allow spoofing. This is rated as "Important" for all supported desktop OS’s except Windows Vista SP1, which doesn’t need the update. KB948590 (MS08-021) – Vulnerability in GDI [...] Read the rest »
Windows Home Server Security Updates
I don’t have my Windows Home Server set to automatically install updates from Microsoft. today was the day I went into the console and told it to pull down the updates. Even though I tell it not to automatically install the updates the process is unstoppable once I click the update now button. I don’t get a preview of the updates that will be installed. Today’s updates included: KB941693 (MS08-025) – Vulnerability in Windows Kernel could allow elevation of privilege. KB945553 (MS08-020) – Vulnerability in DNS client could allow spoofing. [...] Read the rest »
Apple Releases Security Update 2008-002 V1.1
Apple released an updated copy of Security Update 2008-002. The re-release is Leopard only. Apple is typically tight lipped and don’t ay what’s changed. Others have reported that it fixes an Aperture printing problem that was introduced in the first update attempt. This makes sense with what I’ve seen. I have three Macs with Leopard but only the two with Aperture were offered the new version of the update through Apple’s Software Update. Read the rest »
Apple OS X Security Update 2008-002
Apple released security update 2008-002 for all versions of OS X. It’s available through software update or as a direct download. The list of fixes is extensive and others who have counted them say they number over 40, I’ll take their word for it. I installed the update yesterday without a problem on my to Intel Macs running Leopard. A restart is required. I haven’t encountered any problems but with the wide range of fixes there’s probably pieces I haven’t touched yet. There’s three different versions of the update: Leopard, [...] Read the rest »
Microsoft Security Bulletins for March 2008
Microsoft has released 4 security bulletins for March. All are for Office products and all are rated critical for one or more of the affected products. There weren’t any OS or IE updates this month. Since I don’t run any Office products I didn’t install any Microsoft updates this month, but these were the updates: MS08-014 is a security update that patches several vulnerabilities in Microsoft Excel. Microsoft Excel 2003 Service Pack 3 and Microsoft Excel 2007 Service Pack 1 are not affected but other versions of Excel are vulnerable. [...] Read the rest »
Microsoft Security Bulletins for February 2008
Microsoft released 11 security bulletins for February 2008, six are rated critical and five are important. My Windows XP Pro SP2 installation received the following updates through Windows Update: MS08-010 – Cumulative Update for Internet Explorer (critical) MS08-007 – Vulnerability in WebDAV Mini-Redirector Could Allow Remote Code Execution (critical) MS08-008 - Vulnerability in OLE Automation Could Allow Remote Code Execution (critical) A reboot was required. I’m running the Windows Vista SP1 Release Candidate so I didn’t get any updates on that machine. I don’t run MS Office apps so I [...] Read the rest »
Apple Updates Security Update 2007-009
Apple released Security Update 2007-009 v1.1 which resolves an issue Safari has with certain web sites. This update replaces the original update. If you installed the original update this will install over it and require a reboot. The update is available through Automatic Update or as a direct download. I haven’t experienced any actual Safari crashes, just some intermittent connectivity or website problems problems. I had one gray screen of death when Safari was running but that hasn’t returned since, even before this this update. So, it’s hard for me [...] Read the rest »
