I want to make a note of this here… Microsoft has announced that XP Home and Media center editions will get extended support on par with that of XP Pro. Essentially this means security updates for these versions of the OS should be available until 2014. Previously support for XP Home was to have ended as soon as December 2006, but was then extended modestly until after the release of Vista. The “Home” oriented products weren’t given the same length of support as the “Professional” or Business class products at that time. This announcement puts the two versions of XP on par with Pro.
Category: Security-updates
-
Massive Oracle quarterly patches
If Microsoft patched 101 flaws in one release it would make big headlines – so this deserves some headlines too…. more coverage at incidents.org
-
Microsoft October 2006 patch Tuesday
The first thing I should mention is that this months update from Microsoft is the last for XP SP1 users should plan a migration path to SP2 to keep getting updates to XP. Multiple vulnerabilities this month have been patched in Office There are 4 advisories, but a total of 15 issues covered by those four. Powerpoint, Excel, Word and Office/Publisher there are a variety of exploits, some public (like the powerpoint) others that were privately reported. Also, Incidents.org gives a nice summary of the advisories and the severity of each (urgency of updating.) The setslice vulnerability is patched in this batch by the way.
-
October Microsoft update advance notice….
11 patches will be released by Microsoft on the 10th of October. Bulletin is here, 6 for windows, 4 for Office (at least one in each of those two batches is critical) and 1 .NET (moderate) – yes the Windows updates will likely require a restart. Betanews has a bit more coverage hoping the WebViewFolderIcon ActiveX control vulnerability will get fixed in this batch.
-
Exploits in wild for recent Apple vulnerabilities
If you’ve been delaying on updating with the recent Apple Mac OS X updates…. don’t, there are exploits in the wild now for at least one. It’s speculated that this code may have been in the wild before Apple released the security updates.
-
Multiple Apple updates as Mac goes to version 10.4.8
Apple is fixing 15 security flaws with the 10.4.8 version upgrade of Mac OS X. (There is a second update as well…. Security Update 2006-006). In typical fashion there are a bundle of issues in these updates. Several address remotely exploitable vulnerabilities.
-
Microsoft releases official VML patch!!
The big news this afternoon is that Microsoft HAS gone out of the routine patch cycle to release a security fix for the VML vulnerability that’s been actively exploited in recent days for everything from sneak keylogger installs to massive spyware installs. Sans has a few links, if you de-registered the affected DLL you should consider re-registering the same so that you’ll be able to view/access vml content in the future. Here’s Microsoft’s technet Security Bulletin on the matter. (Visit update.microsoft.com if it’s not automatically downloaded for you.) It should be noted that the RC of IE 7 was not affected by this vulnerability.
-
Apple Macbook pro and other wireless fixes
Do you remember the big bruhaha a month or so back about the “apple wireless vulnerability” that everybody picked apart because in the video taped demonstration they used a third party card…. EVEN though the demonstrators stated that the same vulnerability existed in Apple’s own driver some on the internet tore one reporter up over stating that because Apple denied being shown exploit code (slight semantic issue there…) Well… those driver vulnerabilities that must have not existed, were fixed today by Apple. Brian Krebs has the story, as well as incidents.org
-
ANOTHER Microsoft patch problem
This is getting to be like clockwork, but it sounds like this may be one of the nastiest problems so far. It appears that there is a problem with one of the recent patches from Microsoft MS06-49. It looks as though the problem is data corruption for small files (under 4096 bytes.) There’s a google groups thread here. The key factor seems to be that IF the folder is compressed, the data within is subject to this possible corruption.
-
Microsoft’s priorities…
I didn’t really think of this in context, but George Ou points out that Microsoft issued an “out of cycle” patch for their DRM software in response to the FairUse4WM software that stripped DRM protections from Windows Media Files. It took a mere 3 days from being made aware of the issue to releasing a patch. In context, we have seen numerous instances in the last year of “zero-day” vulnerabilities becoming known just after a monthly patch day, and Microsoft waiting until the next patch day to release a fix. So why the different response?