Last Tuesday Microsoft and Adobe released patches to fix critical security bugs. Microsoft released patches to several components of it's OS as well as Internet Explorer and Office. Several of these could be used to take over your computer if you visited a website or opened a Office document and clicked the enable macro button.
Adobe Updated Flash Player to version 15.0.0.223 fixing several bugs that could be used to attack and take over your computer from a remote website.
More info.
Saturday, November 15, 2014
Tuesday, October 14, 2014
Update Tuesday
Today is update Tuesday. Microsoft, Adobe and Oracle pushed out patches fixing up flaws in their software.
Microsoft patches include critical security updates for Internet Explorer as well as other Windows and Office components. Adobe patched Flash Player and Air. Oracle released updates for Java.
More detailed info about the updates.
Microsoft patches include critical security updates for Internet Explorer as well as other Windows and Office components. Adobe patched Flash Player and Air. Oracle released updates for Java.
More detailed info about the updates.
Wednesday, September 17, 2014
Delayed patch for Adobe Reader/Acrobat released
Yesterday Adobe released the patch that they delayed last week for Reader and Acrobat. It fixes at least 6 vulnerabilities some of which can be used to take over a computer that opens a malicious PDF file. You can update through the help->check for updates menu or download directly from the links on the side.
Source.
Source.
Thursday, September 11, 2014
Update Tuesday - Microsoft and Adobe
Last Tuesday was the monthly update day for Microsoft and Adobe. Microsoft had updates to address critical security flaws in their operating system and in their Internet Explorer web browser. Adobe patched security flaws in Flash player and delayed a patch for Adobe Reader until next week due to reported issues with the update.
Source.
Source.
Monday, August 18, 2014
Update Tuesday
Last Tuesday was update Tuesday for Microsoft and Adobe.
Microsoft released it's usual batch of Updates for Windows as well as an announcement that they will only be supporting the latest version of Internet Explorer starting at the beginning of2015 2016.
Adobe released security updates for Flash Player and Reader.
Edit: date correction and link.
Microsoft released it's usual batch of Updates for Windows as well as an announcement that they will only be supporting the latest version of Internet Explorer starting at the beginning of
Adobe released security updates for Flash Player and Reader.
Edit: date correction and link.
Wednesday, July 16, 2014
Java Update
Oracle pushed out an update to Java yesterday bringing the version up to Java 7 update 65. They also clarified their position on updates for Windows XP: Java updates will continue to work on Windows XP but they will not be fixing any issues that only affect XP.
Wednesday, July 9, 2014
Another update Tuesday
Yesterday Microsoft pushed out security updates for Windows and Internet Explorer. Adobe also pushed out a security update for Flash player (version 14.0.0.145). Oracle says there is an update for Java due next Tuesday but it will not be compatible with Windows XP (which Microsoft has already ended support for earlier this year).
More details at http://krebsonsecurity.com/2014/07/microsoft-adobe-push-critical-fixes/
More details at http://krebsonsecurity.com/2014/07/microsoft-adobe-push-critical-fixes/
Thursday, June 12, 2014
Update Tuesday
Last Tuesday updates were released for Adobe Flash as well as several security updates from Microsoft.
As always, it's a good time to check that you have the latest updates installed for your browser plugins and operating system.
More details on the updates can be found here: http://krebsonsecurity.com/2014/06/adobe-microsoft-push-critical-security-fixes-4/
As always, it's a good time to check that you have the latest updates installed for your browser plugins and operating system.
More details on the updates can be found here: http://krebsonsecurity.com/2014/06/adobe-microsoft-push-critical-security-fixes-4/
Wednesday, May 14, 2014
Adobe and Microsoft updates
It's patch Tuesday again and this time there are the usual patches from Microsoft including the quarterly IE updates as well as updates to both Adobe Flash and Adobe Reader.
After performing updates it would be a good time to check your plugins.
More details at http://krebsonsecurity.com/2014/05/adobe-microsoft-issue-critical-security-fixes-2/
After performing updates it would be a good time to check your plugins.
More details at http://krebsonsecurity.com/2014/05/adobe-microsoft-issue-critical-security-fixes-2/
Wednesday, April 30, 2014
Out-of-band update for Flash
Adobe released an out-of-band update on Monday for Flash that fixes vulnerabilities that are being used to install malware remotely on computers. You should update your version of Flash as soon as possible to version 13.0.0.206. You can use the updater in the control panel (advanced tab) or manually update via the link on the side.
Thursday, April 17, 2014
Critical out-of-band Java update
Oracle released an update for Java that fixes some critical vulnerabilities. Four of the 37 fixes in the update are easily exploitable and give the attacker control of your computer so this one is critical to patch ASAP.
You can check which version of Java you are running at either Java's online update check or Mozilla's plugin checker. The latest version is Java 7 update 55.
More info on the update.
You can check which version of Java you are running at either Java's online update check or Mozilla's plugin checker. The latest version is Java 7 update 55.
More info on the update.
Tuesday, April 15, 2014
"Heartbleed" bug information
I've had a few family members ask about the "Heartbleed" bug that has made headlines over the last week. There are several details about this bug that I would like to bring attention to.
First off, this bug has wide reaching impact. An estimated 30% of internet servers world-wide were impacted by this issue. The bug can expose almost any information that is stored in memory on the server that was accessed. This includes things like usernames and passwords of users who had logged in recently, database passwords, server encryption keys, and administrator account credentials (in rare cases). The bug doesn't give the attacker control of the server directly but for some services it could expose information that would allow the attacker to make changes to the service. The attack leaves no indication that it has been performed on most servers so it is almost impossible for a company to know if their servers had been attacked.
Most of the main servers that were effected by the bug are now patched but finding a list of these servers is difficult but there is a short list of servers at Tom's Guide. You should change your password if you use any of the listed services and logout and back in to some of them to revoke your stored authentication tokens.
If you get prompted by a company to change your password you should, BUT DON'T FOLLOW AN EMAIL LINK TO DO SO. Instead, go to the site directly and follow whatever steps are on the site (usually under something like "my account"). Remember that an attacker could have obtained a list of customer's names and email addresses from vulnerable site.
More info on the bug at heartbleed.com and http://krebsonsecurity.com/2014/04/heartbleed-bug-what-can-you-do/
First off, this bug has wide reaching impact. An estimated 30% of internet servers world-wide were impacted by this issue. The bug can expose almost any information that is stored in memory on the server that was accessed. This includes things like usernames and passwords of users who had logged in recently, database passwords, server encryption keys, and administrator account credentials (in rare cases). The bug doesn't give the attacker control of the server directly but for some services it could expose information that would allow the attacker to make changes to the service. The attack leaves no indication that it has been performed on most servers so it is almost impossible for a company to know if their servers had been attacked.
Most of the main servers that were effected by the bug are now patched but finding a list of these servers is difficult but there is a short list of servers at Tom's Guide. You should change your password if you use any of the listed services and logout and back in to some of them to revoke your stored authentication tokens.
If you get prompted by a company to change your password you should, BUT DON'T FOLLOW AN EMAIL LINK TO DO SO. Instead, go to the site directly and follow whatever steps are on the site (usually under something like "my account"). Remember that an attacker could have obtained a list of customer's names and email addresses from vulnerable site.
More info on the bug at heartbleed.com and http://krebsonsecurity.com/2014/04/heartbleed-bug-what-can-you-do/
Wednesday, April 9, 2014
Last Patch Tuesday for XP/Office 2003
It's patch Tuesday again. This week Microsoft has released it's last batch of updates for Windows XP and Office 2003 (Server 2003 has another year of support). If you are still running Windows XP it's time to migrate or keep the device off of the network.
Microsoft also released several other patches for other versions of Windows and Office as well as updates for Internet Explorer. Many of these are rated critical and should be installed as soon as possible.
Adobe also released a critical update for Flash Player bringing it to version 13.0.0.182 on most devices. Update this as soon as possible (check your version).
More details on these updates.
Microsoft also released several other patches for other versions of Windows and Office as well as updates for Internet Explorer. Many of these are rated critical and should be installed as soon as possible.
Adobe also released a critical update for Flash Player bringing it to version 13.0.0.182 on most devices. Update this as soon as possible (check your version).
More details on these updates.
Thursday, March 13, 2014
Update Tuesday
Seems like the last update Tuesday was only a few days ago but here it is again. Microsoft released several updates including an update to IE 10 that fixes a current exploit being used to take control of computers. Adobe also released an update for Flash Player.
More info on both here.
More info on both here.
Wednesday, February 12, 2014
Update Tuesday
It was update Tuesday yesterday. Microsoft released several patches that fix 31 security issues in Windows. These should be installed as soon as possible.
Adobe also released an update to their Flash Player plugin last week that fixes a critical security issue that was being used to install malware on computers. They also released an update to their Shockwave player that resolves some other security issues.
If you are unsure if you have these plugins installed now would be a good time to check your browser plugins and make sure they are up-to-date. Mozilla has a nice plugin checker.
Tuesday, January 14, 2014
Update Tuesday (Microsoft, Adobe and Oracle)
It's update Tuesday again. Today updates were released from Microsoft, Adobe and Oracle that fix critical vulnerabilities in Windows (Microsoft), Office (Microsoft), Acrobat (Adobe), AIR (Adobe), Flash Player (Adobe), and Java (Oracle). It's important to install these updates as soon as possible.
Note that the Java update tries to install a toolbar by default. You likely want to un-check that option.
More details on the updates.
Note that the Java update tries to install a toolbar by default. You likely want to un-check that option.
More details on the updates.
Subscribe to:
Posts (Atom)