updates Archive

There seems to have been a security update to 11.2.202.228, but I can find no release notes or information on why the update has been issued, except general gossip that it fixes undisclosed vulnerabilities.

Some users have reported problems installing the update via the Adobe web-based installer, so an alternative is to use the full installers from http://www.adobe.com/products/flashplayer/distribution3.html

I understand that some antivirus products, including ESET NOD32, have conflicts with the Adobe web-based installer.

Edit:
details here
http://forums.adobe.com/message/4296259

It isn’t a security fix but a whole new version of Flash Player with additional capabilities.


Public Java Exploit Amps Up Threat Level — Krebs on Security:
http://krebsonsecurity.com/2011/11/public-java-exploit-amps-up-threat-level/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+KrebsOnSecurity+%28Krebs+on+Security%29

“An exploit for a recently disclosed Java vulnerability that was previously only available for purchase in the criminal underground has now been rolled into the open source Metasploit exploit framework. Metasploit researchers say the Java attack tool has been tested to successfully deliver payloads on a variety of platforms, including the latest Windows, Mac and Linux systems.”

“The exploit attacks a vulnerability that exists in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier. If you are using Java 6 Update 29, or Java 7 Update 1, then you have the latest version that is patched against this and 19 other security threats. If you are using a vulnerable version of Java, it’s time to update. Not sure whether you have Java or what version you may be running? Check out this link, and then click the “Do I have Java?” link below the big red “Free Java Download” button. Apple issued its own update to fix this flaw and other Java bugs earlier this month.”


As if you needed more updates this week…

APSB11-16 – Security Advisory for Adobe Reader (v10.1) and Acrobat (v10.1 et al.)
http://www.adobe.com/support/security/bulletins/apsb11-16.html

APSB11-17 – Security Update Available for Adobe Shockwave Player v11.6.0.626
http://www.adobe.com/support/security/bulletins/apsb11-17.html

APSB11-18 – [Yes, yet another] Security update available for Adobe Flash Player (v10.3.181.26)
http://www.adobe.com/support/security/bulletins/apsb11-18.html


http://www.adobe.com/support/security/bulletins/apsb11-13.html
An important vulnerability has been identified in Adobe Flash Player 10.3.181.16 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.185.22 and earlier versions for Android. This universal cross-site scripting vulnerability (CVE-2011-2107) could be used to take actions on a user’s behalf on any website or webmail provider, if the user visits a malicious website. There are reports that this vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message.
Adobe recommends users of Adobe Flash Player 10.3.181.16 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 10.3.181.22 (10.3.181.23 for ActiveX). Adobe expects to make available an update for Flash Player 10.3.185.22 for Android during the week of June 6, 2011.

Adobe is still investigating the impact to the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions of Adobe Reader and Acrobat for Windows and Macintosh operating systems. Adobe is not aware of any attacks targeting Adobe Reader or Acrobat in the wild.
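Advisories like the one above phrase the affected range as “X.Y.Z and earlier” with a different first fixed build per platform (10.3.181.22 for the plug-in, 10.3.181.23 for ActiveX). The following Python is an added example, not code from the blog or from Adobe: it compares dotted version strings component by component so an inventory can be triaged against the advisory. The product names, the inventory layout and the sample hosts are constructed for the example; the version numbers come from the advisory text.

```python
import re

# Constructed from the advisory text: first fixed build per platform family.
# Anything strictly below its entry is "X.Y.Z and earlier" and therefore affected.
FIXED_VERSIONS = {
    "flash-plugin": "10.3.181.22",
    "flash-activex": "10.3.181.23",
}


def parse_version(text: str) -> tuple:
    """Turn '10.3.181.22' into (10, 3, 181, 22).

    Rejects anything that is not dotted integers, so a garbled inventory
    field cannot silently compare as 'newer' and drop off the report."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"not a dotted version: {text!r}")
    return tuple(int(part) for part in text.split("."))


def is_affected(installed: str, fixed: str) -> bool:
    """True when the installed build is older than the first fixed build.

    The comparison is numeric per component. A plain string comparison
    would rank 10.3.181.9 above 10.3.181.22 because '9' > '2'."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))   # pad so 10.3 compares as 10.3.0.0
    b += (0,) * (width - len(b))
    return a < b


def triage(inventory: dict) -> list:
    """inventory maps host -> (product, version); returns hosts still affected."""
    affected = []
    for host, (product, version) in inventory.items():
        if is_affected(version, FIXED_VERSIONS[product]):
            affected.append(host)
    return sorted(affected)


if __name__ == "__main__":
    # Constructed sample inventory; the host names are not real systems.
    sample = {
        "ws01": ("flash-plugin", "10.3.181.16"),
        "ws02": ("flash-plugin", "10.3.181.22"),
        "ws03": ("flash-activex", "10.3.181.22"),  # fixed for the plug-in, not for ActiveX
        "ws04": ("flash-activex", "10.3.181.9"),
    }
    print(triage(sample))  # → ['ws01', 'ws03', 'ws04']
```

Note that ws03 is reported even though 10.3.181.22 is the fixed plug-in build: the ActiveX control has its own fixed build, so the check has to key on the platform family, not on the product name alone.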


Microsoft wants your feedback on security bulletin information. Survey here: Security Bulletin Survey


The full advisory can be found on the Web at: http://www.microsoft.com/technet/security/advisory/2524375.mspx.

===========================
SUMMARY
===========================
Microsoft is aware of nine fraudulent digital certificates issued by Comodo, a certification authority present in the Trusted Root Certification Authorities Store on all supported versions of Microsoft Windows. Comodo advised Microsoft on March 16, 2011 that nine certificates had been signed on behalf of a third party without sufficiently validating its identity. These certificates may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer.

Certificates for the following Web properties are affected:

• login.live.com
• mail.google.com
• www.google.com
• login.yahoo.com (3 certificates)
• login.skype.com
• addons.mozilla.org
• “Global Trustee”

Comodo has revoked these certificates, and they are listed in Comodo’s current Certificate Revocation List (CRL). In addition, browsers which have enabled the Online Certificate Status Protocol (OCSP) will interactively validate these certificates and block them from being used.

An update is available for all supported versions of Windows to help address this issue. For more information about this update, see Microsoft Knowledge Base Article 2524375 (http://support.microsoft.com/kb/2524375).

Typically, no action is required of customers to install this update, because the majority of customers have automatic updating enabled and this update will be downloaded and installed automatically. For more information, including how to manually install this update, see the Suggested Actions section of this advisory.

===========================
RECOMMENDATIONS
===========================
Review Microsoft Security Advisory 2524375 for an overview of the issue, details on affected components, suggested actions, frequently asked questions (FAQ), and links to additional resources. MSRA Security Partners who are experiencing issues believed to be related to the issues described in this advisory should contact us via e-mail or by calling 888-HELPSEC with your custom Access ID.

===========================
ADDITIONAL RESOURCES
===========================
• Microsoft Security Advisory 2524375 – Fraudulent Digital Certificates Could Allow Spoofing – http://www.microsoft.com/technet/security/advisory/2524375.mspx

• Microsoft Security Response Center (MSRC) Blog: http://blogs.technet.com/msrc

More details on Comodo blog


We are seeing several reports on the forums and newsgroups from users who are “worried” about this update: following the links from the Windows Update page, or from the update history page on your computer, does not take you to the correct Microsoft support and information page about the update but to an advertising page.

This is due to a mistype by Microsoft when inserting the link. You are NOT infected. The Microsoft website is NOT infected. It is just a mistype by a Microsoft employee.
Microsoft has fixed the link on the Windows Update page and has partially fixed it on the history page on your computer. It looks like some of the regional Microsoft update servers are still serving a cached copy of the update with the bad link, while others are giving the correct link.
The correct link for support or information about this update is
http://support.microsoft.com/kb/2505438
The mistyped link was

http://support.micrososft.com/kb/2505438

Note the extra S in micrososft.
It is an easy typing error to make.
So don’t panic about it. I repeat again: you are not infected, the Microsoft website is not infected, it was just a simple typing error that has been partially corrected and I expect to be fully corrected very soon.

We often see major problems with typo squatting. This is when unscrupulous people buy up every possible combination of mistypes for common domain names, in the hope of making money when someone mistypes a URL (web address) and lands on their site or landing page instead. This time it is only harmless advertising, but in many cases the unscrupulous owner will either attempt to sell you a fake program or, even worse, install malware from the fake page.
Watch the links you follow and make sure that they are spelled correctly.
See the screenshots:

Mistyped url on update history for KB2505438

Mistyped URL for KB2505438 from Windows update site
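The spelling check described above can be automated when you maintain a list of domains that update or support links are expected to point at. The following Python is an added example, not code from the original post: it extracts the registrable domain from a URL, measures its edit distance to each entry of a constructed trusted-domain list, and flags near misses such as the micrososft.com link as lookalikes while leaving exact matches and clearly unrelated hosts alone. The two-label domain extraction and the distance threshold of 2 are simplifying assumptions.

```python
from urllib.parse import urlsplit

# Constructed allowlist: domains that vendor update/support links should resolve to.
TRUSTED_DOMAINS = ["microsoft.com", "adobe.com", "java.com"]


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert, delete, substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def registrable_domain(hostname: str) -> str:
    """Last two labels of the host name.

    Simplification: this ignores multi-label public suffixes such as co.uk;
    a production check would consult the Public Suffix List instead."""
    labels = hostname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def check_link(url: str, trusted=TRUSTED_DOMAINS, max_distance: int = 2):
    """Classify the URL's domain against the allowlist.

    Returns (verdict, closest_trusted_domain, distance) where verdict is
    'trusted' (exact match), 'lookalike' (within max_distance edits of a
    trusted domain, the typo-squatting case) or 'unrelated'."""
    host = urlsplit(url).hostname or ""
    domain = registrable_domain(host)
    closest = min(trusted, key=lambda t: levenshtein(domain, t))
    dist = levenshtein(domain, closest)
    if dist == 0:
        return ("trusted", closest, 0)
    if dist <= max_distance:
        return ("lookalike", closest, dist)
    return ("unrelated", closest, dist)


if __name__ == "__main__":
    # The mistyped link from the post, the corrected link, and a constructed
    # digit-substitution variant for comparison.
    for link in ("http://support.micrososft.com/kb/2505438",
                 "http://support.microsoft.com/kb/2505438",
                 "https://www.micros0ft.com/"):
        print(link, "->", check_link(link))
```

A lookalike verdict is a signal to inspect, not proof of malice: the micrososft.com link in this post was a vendor typo that happened to land on an advertising page, which is exactly why checking the spelling before following a link is worthwhile.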


Flash Player update

By derek | Filed in adobe, updates

New version of Adobe Flash Player!
It’s 10.2.156.32 and available at the ‘usual’ URL: http://get.adobe.com/flashplayer/

No change log or other details yet, so it is unknown whether this is a bug fix to the recent 10.2.156.26 release or whether a new security vulnerability has been found and quietly fixed.


Security Advisory 979682 Released

Today we released Security Advisory 979682 to address an Elevation of Privilege (EoP) vulnerability in the Windows kernel, affecting all currently supported versions of 32-bit Windows. 64-bit versions of Windows, including Windows Server 2008 R2, are not affected. The advisory provides customers with actionable guidance to help with protections against exploit of this vulnerability.

To exploit this vulnerability, an attacker must already have valid logon credentials and be able to log on to a system locally, meaning they must already have an account on the system. An attacker could then elevate their privileges to the administrative level and run programs of their choice on the system.

To help mitigate exploit of this vulnerability, customers who do not require NT Virtual DOS Mode (NTVDM) or support for 16-bit applications, can disable the NTVDM subsystem. Information on this workaround can be found in the Advisory.

We are not currently aware of any active attacks against this vulnerability and believe risk to customers, at this time, is limited. We continue to recommend customers review the mitigations and workarounds detailed in the Security Advisory.

We are also working with our Microsoft Active Protections Program (MAPP) partners to help provide broader protections for customers.

Our teams are continuing to work on an update and we will take appropriate action to protect customers when the update has met the quality bar for broad distribution. That may include releasing the update out-of-band.

The Security Advisory will be updated with any new developments so if you are not already subscribed to our comprehensive alerts, please do so in order to be alerted by email when new information is added.

We will also keep customers apprised of any additional details and updates through the MSRC Blog.

Thanks,

Jerry Bryant

via http://blogs.technet.com/msrc/archive/2010/01/20/security-advisory-979682-released.aspx


Adobe released new versions of Flash and AIR today to address vulnerabilities in both products. Applying these updates as soon as practicable is a good idea, as Flash vulnerabilities are popular exploit vehicles in the wild.

Click here to install Flash 10.0.42.34.

Click here to install AIR 1.5.3.

The expanded security advisory explains that critical vulnerabilities could provoke crashes or remote code execution. Adobe Flash Player 10.0.32.18 and earlier versions and Adobe AIR 1.5.2 and earlier versions on all platforms are vulnerable.

Seven new vulnerabilities are described cursorily. A patch to an eighth, older vulnerability is also updated. Adobe thanks six different researchers for the help they provided with the vulnerabilities.

The advisory also adds that Flash Player version 10.1, which Adobe expects to release in the first half of 2010, will be the last to support PowerPC-based G3 Macs. Adobe is discontinuing support, including security updates, past that version because it is implementing performance enhancements not supported on those processors.
