Four months after it first went public with a warning about widespread vulnerabilities in network security products, Stonesoft said it has found more than 100 new holes, and that security vendors are doing little to address the problem.
Following last week’s release of Chrome 9 and a rather brazen $20,000 offering to anyone who can hack their browser at CanSecWest, Google released a stable channel update addressing some security flaws and containing a new version of Flash Player (10.2).
As malware authors and attackers have continued to employ the Windows AutoRun functionality to help spread their malicious creations, culminating famously in the Stuxnet worm, Microsoft has been making gradual changes to help prevent these attacks. This week the company took the major step of putting an optional fix into Windows Update that will disable AutoRun.
When Barracuda Networks started its bug bounty program about three months ago, company officials weren’t exactly sure what to expect. They didn’t know whether there’d be an onslaught of submissions or the sound of crickets chirping. The reality turned out to be somewhere in the middle.
Adobe has released a massive set of patches that fix vulnerabilities in most of its more popular applications, including a number of critical bugs in Flash, Reader and Shockwave.
Microsoft addressed 22 flaws with 12 separate bulletins in February’s edition of Patch Tuesday, including three bulletins that were rated critical with the remaining nine rated as important. Among the programs affected are Microsoft Windows, Internet Explorer, Office, Visual Studio, and IIS.
Opera has released a new version of its flagship browser, which, among other things, fixes a remotely exploitable critical vulnerability that was disclosed late last week. Opera 11.01 also includes some other stability upgrades.
Microsoft released just two bulletins in this month’s edition of Patch Tuesday. Both bulletins cover vulnerabilities in Windows, and Microsoft is recommending that users install the critical fix for the two vulnerabilities covered in MS11-02 immediately.
Microsoft’s vulnerability Severity Rating System is closing in on its tenth birthday. While the security landscape has been transformed during that time, the ratings have endured. But do they still work? Threatpost asked prominent vulnerability researchers to give us their opinion. You may be surprised at what they had to say.
Security experts will tell you that one year is a lifetime in the world of online threats and attacks. But eight years after Microsoft introduced its innovative severity rating system for software vulnerabilities, the company says its original definitions of what makes a software hole important still apply. Security experts aren’t so sure.