Microsoft Security Updates for July 2008

Microsoft has released four security bulletins for July 2008, two of which are for desktops. MS08-038 addresses a vulnerability in Windows Explorer and is for Windows Vista and carries an “important” rating. The update includes the original Vista, Vista SP1 and Vista x64. MS08-037 addresses a vulnerability in DNS and is for Windows 2000 SP4, Windows XP SP2 & SP3, and Windows XP x64 original release & SP2. It’s rated as “important”. [Updated: This patch is part of a coordinated, multi-vendor DNS patch.] These patches, and the others, also affect [...]

Microsoft Security Bulletins for April 2008

Another "Super Tuesday" patched this week but I just got around to firing up my Windows VM’s today (actually it’s been about 12 days since I’ve been in Windows). There were ten updates waiting for me on Windows Vista and eight on Windows XP Home, although not all were security related. This month’s updates included: KB945553 (MS08-020) – Vulnerability in DNS client could allow spoofing. This is rated as "Important" for all supported desktop OS’s except Windows Vista SP1, which doesn’t need the update. KB948590 (MS08-021) – Vulnerability in GDI [...]

Microsoft Security Bulletins for March 2008

Microsoft has released 4 security bulletins for March. All are for Office products and all are rated critical for one or more of the affected products. There weren’t any OS or IE updates this month. Since I don’t run any Office products I didn’t install any Microsoft updates this month, but these were the updates: MS08-014 is a security update that patches several vulnerabilities in Microsoft Excel. Microsoft Excel 2003 Service Pack 3 and Microsoft Excel 2007 Service Pack 1 are not affected but other versions of Excel are vulnerable. [...]

Microsoft Security Bulletins for February 2008

Microsoft released 11 security bulletins for February 2008; six are rated critical and five are important. My Windows XP Pro SP2 installation received the following updates through Windows Update: MS08-010 – Cumulative Update for Internet Explorer (critical) MS08-007 – Vulnerability in WebDAV Mini-Redirector Could Allow Remote Code Execution (critical) MS08-008 – Vulnerability in OLE Automation Could Allow Remote Code Execution (critical) A reboot was required. I’m running the Windows Vista SP1 Release Candidate so I didn’t get any updates on that machine. I don’t run MS Office apps so I [...]

Security Quest #14: Apple Releases Security Patches

Apple released Security Update 2007-009 for OS X 10.4.11 Tiger and OS X 10.5.1 Leopard on Monday. The Apple support article lists 41 vulnerabilities that were patched. Patched components include Core Foundation, CUPS, Flash Player Plug-in, Launch Services, perl, python, Quick Look, ruby, Safari, Samba, Shockwave Plug-in, and Spin Tracer. The update requires a reboot. The Leopard update was a 35.4MB download on my Intel Macs through Apple Automatic Update. It’s also available as a 35.6MB standalone download. There are two versions for Tiger. The PPC version is a 15.9MB [...]

Security Quest #13: Microsoft Patch Tuesday

Yesterday was patch Tuesday for December and Microsoft released seven security bulletins. There weren’t any Office updates but there were updates for all supported OS’s – Windows 2000 Professional SP4 to Windows XP SP2, and Windows Vista – along with updates for Internet Explorer 6 and IE 7. All the updates are available through Automatic Updates or the Microsoft web site. Microsoft has said that exploits for the IE vulnerabilities are already being used. Click the bulletin number to go directly to the MS bulletin. I do not mention server [...]

Security Quest #12: Privacy

Facebook caused an uproar over the past week with their new Beacon advertising service. Being the last human not to have a Facebook account I didn’t follow the story too much at first, but then it became hard to ignore. At the very least it was a public relations disaster for Facebook, although I suspect it won’t really affect their membership numbers. Ars Technica has a pretty good summary and includes the changes Facebook made in response to the outcry. But it appears Facebook may still have a ways to [...]

Security Quest #10: Microsoft Patch Tuesday

Another second Tuesday of the month and another bundle of patches from Microsoft was expected. This time around there’s only one update for Microsoft desktops. Windows Vista goes patch-less this month. MS07-061 is a critical update for Windows XP on the desktop. It’s for both the regular and 64-bit editions. It supersedes MS06-045 and patches a vulnerability that allowed remote code execution when a specially crafted URI was passed. Windows 2000 Professional & Windows Vista are not affected. Several server versions also require the patch. I needed to reboot after [...]

Security Quest #7 – New Leopard Security Features

Now’s a good time to review the new security features Apple is adding to Leopard. Besides, between the site upgrade and Leopard prep I didn’t have time to put together another security topic. Apple has 11 new security features listed on their “300+ New Features” page. Some of the non-security features seem to be padding for the list, such as an “empty trash button”. How lame are the security features and which ones are padding? The 11 from Apple’s list are: 1. Tagging Downloaded Applications: It all depends upon implementation but [...]

Security Quest #5 – Patch Tuesday

Microsoft released five desktop security patches this month, 4 rated as critical and 1 rated important. All supported desktop OS’s get patched along with Internet Explorer and Outlook Express/Windows Mail. Even Mac users may need a patch. They also released one patch that was only for servers. Bulletin MS07-060 is for Office 2000, Office XP and Office 2004 for Mac users. It’s rated as critical for Office 2000 and important for the others. It patches a vulnerability that could allow remote code execution. Windows 2000 users will need MS07-055 which [...]