patches

Adobe to fix critical Reader hole on Tuesday

Adobe will release a fix on Tuesday for a critical hole in Adobe Reader and Acrobat that is being used to attack PCs, the company announced today.

The zero-day vulnerability, which Adobe warned of three weeks ago, could allow an attacker to take control of the affected computer.

Adobe will release updates for Adobe Reader 9.3.4 for Windows, Macintosh, and UNIX; Adobe Acrobat 9.3.4 for Windows and Macintosh; and Adobe Reader 8.2.4 and Acrobat 8.2.4 for Windows and Macintosh to resolve issues in Reader and Acrobat and Flash Player.

Adobe issued an … Read more

Microsoft plugs new hole used by Stuxnet

Microsoft on Tuesday issued patches for 11 vulnerabilities in Windows and Office, including a hole being used by the Stuxnet worm to infect PCs.

The security bulletin MS10-061 addresses a vulnerability in the print spooler service of Windows that could allow an attacker to take control of a computer by sending a specially crafted print request to a vulnerable system where the print spooler service is exposed without authentication, according to the security advisory.

The hole, discovered by Kaspersky Lab and later Symantec, is being exploited by Stuxnet and is rated "critical" for Windows XP but only "… Read more

Microsoft to fix 13 holes in Windows, IIS, and Office

Microsoft will issue nine bulletins fixing 13 vulnerabilities on Tuesday that affect Windows, Internet Information Services, and Microsoft Office, the company said on Thursday.

Four of the bulletins are rated "critical" and the rest are rated "important," according to the Microsoft Security Response Center blog.

Affected software includes Windows XP, Vista, and Windows 7; Windows Server 2003 and 2008; and Office XP, 2003, and 2007, with the older versions affected by the critical bulletins, according to the security advisory announcing the plans for September's Patch Tuesday.

"Organizations running Windows 7 and Server 2008 R2 … Read more

Critical Adobe Reader hole to be patched Thursday

Adobe will release a patch on Thursday for a critical hole in Reader that was disclosed at the Black Hat conference late last month, the company said on Wednesday.

Adobe had announced on August 5 that the emergency fix was coming this week, in advance of the next quarterly security release, scheduled for October 12.

The security update will resolve an undisclosed number of critical issues in Reader 9.3.3 for Windows, Mac, and Unix; Acrobat 9.3.3 for Windows and Mac; and Reader 8.2.3 and Acrobat 8.2.3 for Windows and Mac, according to … Read more

AOL plans 500 Patch sites by year's end

Every big Web publisher, and lots of small ones, too, have tried to figure out how to crack the market for local Web ads. No one's figured it out yet.

But AOL feels good enough about Patch, its take on local, to take a minute to boast about its performance. Tim Armstrong's company is announcing that has now opened up 100 Patch outposts--digital versions of community newspapers, each staffed by a sole full-time editor and aided by a group of freelancers.

That's up from 44 at the end of the first quarter. AOL also noted it plans … Read more

Record Patch Tuesday yields critical Windows, IE fixes

Microsoft issued a record number of monthly patches on Tuesday, including fixes for eight critical holes affecting Windows, Internet Explorer, Microsoft Word, and other programs that could be exploited to take control of a computer.

Of the 14 patches addressing a total of 34 vulnerabilities, four of them should be given priority, Microsoft said in a Microsoft Security Response Center blog post:

MS10-052, which resolves a vulnerability in Microsoft's MPEG Layer-3 audio codecs that could allow remote code execution if a specially crafted media file were opened or a Windows user received specially crafted streaming content from a Web … Read more

Adobe to fix Reader hole unveiled at Black Hat

Adobe said Thursday that it will release an emergency fix the week of August 16 for a critical hole in Reader that was publicly disclosed at the Black Hat conference last week.

The flaw, which could be exploited to take control of a computer, is related to the way Adobe's PDF (portable document format) reader software handles fonts, said Charlie Miller, principal analyst at Independent Security Evaluators. He disclosed the hole in his presentation on a tool that can be used to figure out the underlying bugs to software crashes, he said.

"I don't give the exploit, … Read more

Microsoft to issue record number of patches

Microsoft will issue 14 security bulletins on Tuesday to plug 34 holes, including eight that are critical, in Windows, Office, Internet Explorer, SQL and Silverlight, the company said on Thursday.

"This will be the most bulletins we have ever released in a month; we have released 13 bulletins on a couple of occasions," Angela Gunn, security response communications manager at Microsoft, wrote in a blog post. "However, in total CVE [common vulnerabilities and exposures] count, this release ties with June 2010, so there's no new record there."

Affected software includes: Windows 7; Windows XP; Vista; … Read more

Google, Verizon in tiered-Net traffic talks

Links from Thursday's episode of Loaded:

Verizon & Google agreement may raise net fees RIP Google Wave FTC & Intel reach settlement Jailbreakme.com patch coming soon

TippingPoint gives vendors six months to fix holes

As of Wednesday, software vendors will have a deadline to fix vulnerabilities reported to them by TippingPoint's Zero Day Initiative rather than allowing holes to remain unpatched indefinitely.

Vendors will be required to fix the holes within six months, said Aaron Portnoy, manager of security research at TippingPoint, owned by Hewlett-Packard. TippingPoint runs the Zero Day Initiative, which acts a broker paying researchers for information on vulnerabilities and then providing the information to the vendors so they can fix them.

Extensions to the deadline will be given on a case by case basis, he said. If they don't … Read more