This time around, the zero day is related to Internet Explorer and ActiveX… (DirectAnimation specifically). Incidents has a good update on the issue. This is a second exploit; there was another at the end of August. MS has an advisory on the issue. I think a safe bet would be alternative browsers until this is patched. It is possible, though, to set a kill bit, or to vary security settings to disable or always prompt before using ActiveX.
Month: September 2006
-
Firefox and Thunderbird updates
As I’ve just posted to the security-update-notice category, Firefox and Thunderbird have both been released in version 1.5.0.7. The release fixes a number of known security issues and you should upgrade as soon as possible. Details on the issues are at incidents.org. Also, you can visit mozilla.com for downloads.
-
Mozilla Thunderbird 1.5.0.7
Multiple Security updates release notes.
-
Mozilla Firefox 1.5.0.7
Multiple Security updates release notes.
-
Apple QuickTime 7.1.3
QuickTime multiple vulnerabilities Mac/Windows…
-
Adobe Flash Player 9.0.16.0
Multiple security vulnerabilities in Flash Player, affecting all versions up to and including 8.0.24.0. Details.
Update to 9.0.16.0 (or 8.0.33.0, 7.0.68.0, or 7.0.66.0, per the advisory).
-
Microsoft Windows and Office updates (September 2006)
Several Security issues (September 2006 patch day.) Several previous patches re-released. details.
(Updated to correct year – 2006 not 2007 )
-
Microsoft Update day for September…. AND Flash… AND Apple
Yesterday, of course, Microsoft released its monthly patches. I found the Windows update site to be painfully slow (and in some cases unresponsive). It wasn’t quite a huge update day by recent standards, but here’s the summary…. Incidents.org has a nice chart showing the two re-released patches (one is actually re-re-released…). They are MS06-040 (server service patch – critical) and MS06-042 (IE 6 patch). Both of the vulnerabilities they address are well known and could be actively exploited. The “first release” updates from this month affect Microsoft Queue System MS06-052 which is the most important of the releases….
-
ANOTHER Microsoft patch problem
This is getting to be like clockwork, but it sounds like this may be one of the nastiest problems so far. It appears that there is a problem with one of the recent patches from Microsoft, MS06-49. It looks as though the problem is data corruption for small files (under 4096 bytes). There’s a Google Groups thread here. The key factor seems to be that IF the folder is compressed, the data within is subject to this possible corruption.
-
Chase throws data on 2.6 million customers in landfill
Chase Card Services mistakenly threw out backup tapes that contained the card information of around 2.6 million customers (according to the article, current and former Circuit City card holders). 5 data tapes were mistakenly trashed in July. Fortunately, they think the tapes were destroyed at the landfill, and are 1) notifying the affected, 2) working with authorities. So, it may be that no data in this case was actually leaked… it does underscore one thing….