Microsoft’s batch of patches this month is a big one: 10 bulletins covering a total of 31 documented vulnerabilities affecting the Windows OS, the Internet Explorer browser and the Microsoft Office productivity suite (Word, Works and Excel).
By Eric Schultze
Microsoft released 10 security bulletins today. Six of the bulletins impact the Windows operating system, while one applies to the Internet Explorer browser and three affect Microsoft Office (Word, Excel, Works).
Some interesting notes for today:
From The H Security
The Apache Tomcat developers have released patches to fix three vulnerabilities in their implementations of the Java Servlet and JavaServer Pages technologies. When Tomcat receives a request with invalid headers via the Java AJP connector, it closes the connection without returning an error message. The vulnerability can be exploited by an attacker in load balancing environments to initiate a denial of service (DoS) attack. Read the full story [h-online.com]
Adobe’s first ever quarterly patch for the Reader and Acrobat product lines is set for June 9, the same day Microsoft is scheduled to deliver its batch of security updates.
As previously announced, Adobe plans to deliver security updates for Adobe Reader and Acrobat versions 7.x, 8.x, and 9.x for Windows and Macintosh on Tuesday, June 9.
From TidBITS (Rich Mogull)
With the impending release of the next versions of both Mac OS X and the iPhone operating system, it seems a good time to evaluate how Apple could improve their security program. Rather than focusing on narrow issues of specific vulnerabilities or incidents, or offering mere criticism, I humbly present a few suggestions on how Apple can become a leader in consumer computing security over the long haul. Read the full story [tidbits.com]
Microsoft plans to ship 10 security bulletins next Tuesday (June 9, 2009) with fixes for a wide range of code execution vulnerabilities affecting Windows, Microsoft Office and Internet Explorer.
Six of the ten bulletins will be rated “critical,” Microsoft’s highest severity rating. See the advance notice advisory [microsoft.com]. Read more at ZDNet Zero Day.
Dennis Fisher talks with Securosis founder Rich Mogull about Mac security, Obama’s cybersecurity plan and his Project Quant patch-management work with Microsoft.
Apple today released QuickTime 7.6.2 with fixes for a variety of security vulnerabilities, some of which could lead to arbitrary code execution attacks.
The update, available for Mac OS X, Windows XP and Windows Vista, covers a total of 10 documented vulnerabilities that could be exploited via booby-trapped movie, video, image and audio files. Read the full story [zdnet.com]
From Reuters (Tarmo Virki)
Accessing your bank account using your mobile phone might seem safe, but security experts say would-be hackers can access confidential information via a simple text message seemingly from your service provider.
People in the industry aware of the risk see it as extremely small, as only a few people use handsets to access their bank accounts, but it is growing as mobile Internet usage rises. Read the full story [reuters.com]
In the first episode of the Threatpost Daily News Wrap podcast, Threatpost editors Ryan Naraine and Dennis Fisher discuss President Obama’s cybersecurity plan and the Microsoft DirectShow vulnerability.