Subscribe Contact Us About Us Advertising Editorial Calendar SC US SC Aus/NZ

RSS | Login | Register

Patch Management

Microsoft to deliver 13 security patches for 26 bugs

Dan Kaplan February 08, 2010

After a quiet January Patch Tuesday that saw only one security update, Microsoft is back with a vengeance this month.

IIS issue not a new vulnerability, says Microsoft

Dan Kaplan January 04, 2010

Microsoft has shot down reports that its Internet Information Services (IIS) suffers from a vulnerability, saying that customers only need to worry if they are running a nondefault configuration of the web server.

Microsoft patch batch includes fix for zero-day IE flaw

Dan Kaplan December 09, 2009

Microsoft delivered its monthly security update on Tuesday to rectify 12 vulnerabilities, five of which are present in Internet Explorer (IE) and comprise the most pressing patch to deploy.

"Nine-Ball" mass injection attack compromised 40,000 sites

Angela Moscoritolo June 18, 2009

A new threat dubbed "Nine-Ball" has compromised up to 40,000 legitimate websites, which are, in turn, infecting users with an information-stealing Trojan, according to security vendor Websense.

Researchers expect widespread exploit of Adobe PDF flaw

Dan Kaplan February 23, 2009

Attackers are actively exploiting a gaping zero-day hole in versions 9 and earlier of Adobe Acrobat and Reader, the company has warned.

Eight Microsoft fixes planned for Patch Tuesday

Dan Kaplan December 05, 2008

Microsoft plans to release eight patches on Tuesday - six for "critical" vulnerabilities - as part of its monthly security update.

Report: Nearly all computer users running insecure programs

Angela Moscaritolo December 04, 2008

Only two per cent of computer users are fully patched and the other 98 per cent are running at least one insecure, unpatched program, security firm Secunia said this week.

Worm exploiting Microsoft vulnerability developing into botnet

Angela Moscaritolo December 03, 2008

The "W32.Downadup" worm, exploiting the patched Microsoft's Windows Server Service (MWSS) vulnerability, is the key component in a developing botnet, researchers at Trend Micro said this week.

Four fixes shipped for "critical" RealPlayer holes

Dan Kaplan July 29, 2008

RealNetworks has issued fixes for four critical vulnerabilities in its RealPlayer program.

Oracle pushes out 45 patches; 14 for Database

Dan Kaplan July 16, 2008

Oracle on Tuesday released 45 fixes for vulnerabilities across its products, including the widely deployed Oracle Database.

As businesses weigh adoption, new iPhone plugs 13 flaws

Dan Kaplan July 14, 2008

The second version of the iPhone, released Friday, includes faster internet, GPS functionality and an application store — as well as 13 security fixes.

Sun and Apple offer security updates

Dan Kaplan July 11, 2008

Sun Microsystems has issued fixes for a number of vulnerabilities in its Java offerings, while six flaws in Apple TV were patched.

Attackers target zero-day Microsoft Word bug

Dan Kaplan July 10, 2008

Hours after releasing four patches as part of its monthly security update, Microsoft warned late Tuesday of a new, zero-day vulnerability in Word that is being actively exploited in targeted but limited attacks.

Multiple vendors cooperate to issue DNS design flaw fix

Dan Kaplan July 09, 2008

A massive domain name server (DNS) design vulnerability that could permit cache poisoning - effectively allowing an attacker to direct users to the website of his choosing - is set to be fixed by an unprecedented synchronized series of multivendor patches.

Microsoft Patch Tuesday fixes nine vulnerabilities

Chuck Miller July 09, 2008

In its Patch Tuesday update, Microsoft addressed nine vulnerabilities by releasing four security updates, none of which were deemed critical.

Mozilla set to develop risk model for software development

Dan Kaplan July 08, 2008

Mozilla is trying to refute the notion that the buggier the software, the less secure it is.

Apple updates OS X to address security and performance issues

Richard Thurston July 01, 2008

OS X Leopard gets a new version as the Mac maker moves to improve reliability and squash a whole hatful of vulnerabilities

Vulnerability in Adobe Acrobat leads to public exploit

Dan Kaplan June 25, 2008

Adobe has updated its Reader and Acrobat products to shore up a major vulnerability that is already being exploited in the wild

Apple releases latest Leopard OS update

Jim Carr May 29, 2008

The Mac manufacturer has fixed 70 problems - including more than 40 vulnerabilities - in its Mac OS X 10.5 (Leopard) operating system and associated components

Alcatel-Lucent to secure mobile workers with always-on datacard

Richard Thurston May 22, 2008

The company is to bring to market next month a GPS and 3G enabled datacard which should give IT administrators 24/7 visibility of users' mobile devices

Microsoft releases three critical bulletins on Patch Tuesday

Richard Thurston May 14, 2008

The software giant has addressed six vulnerabilities in its monthly security update, including those affecting Word, Publisher, Jet Database Engine and Malware Protection Engine.

Microsoft releases 12 fixes for 20 flaws - including Word bugs - on Patch Tuesday

Dan Kaplan February 13, 2007

The wait for Word fixes ended today when Microsoft neatly delivered a single patch to correct a list of zero-day exploits, while also offering up 11 other bulletins as part of its monthly Patch Tuesday security update.

Microsoft says Word 2000 flaw is limited to DoS attacks

Dan Kaplan February 13, 2007

A newly reported vulnerability in Word is limited to DoS attacks and does not allow remote code execution, according to Microsoft.

Zero-day vulnerability found in Sun Microsystems Solaris 10 and 11

Frank Washkuch Jr. February 13, 2007

The SANS Institute's Internet Storm Center advised network administrators this week to disable all telnet functions due to a zero-day vulnerability in Sun Microsystems Solaris versions 10 and 11.

Microsoft plans a dozen fixes for February Patch Tuesday

Dan Kaplan February 09, 2007

Microsoft is planning to issue 12 fixes in next week's Patch Tuesday monthly security update — the most since last summer.

Trend Micro updates to fix Scan Engine vulnerability

Frank Washkuch Jr. February 09, 2007

Trend Micro has confirmed a vulnerability in its Scan Engine application that could be exploited by malicious users to take control of an affected system.

RSA Conference 2007: Core Security says third-party software is Vista's fatal flaw

Ericka Chickowski February 08, 2007

Researchers attending RSA Conference 2007 yesterday announced a new vulnerability — with a working exploit — that they said demonstrates Microsoft's Windows Vista's weakest link: its third-party software.

JavaScript malware infecting various websites

Dan Kaplan February 04, 2007

Dozens of unrelated websites contain malicious scripts that attempt to infect users' machines with malware, security experts said today.

Microsoft Excel target of new zero-day exploit

Dan Kaplan February 04, 2007

Attackers are exploiting a new zero-day vulnerability in Microsoft Excel, researchers said.

Microsoft tells Symantec that latest exploited Word flaw is variation of older vulnerability

Frank Washkuch Jr. February 02, 2007

Microsoft has confirmed that what appeared to be a newly discovered Word flaw is actually a variant of a vulnerability revealed last year, according to Symantec.