Updates for Windows for the month of June are out today and it looks like some list! 12 updates covering 20 or more vulnerabilities. MANY of these are tagged as critical. (Critical vulnerabilities are those considered remotely exploitable, or exploitable with little (or no) user interaction.) SANS has a good listing of the advisories. This month it is a bit much to track in one big wallop… but I’ll try to give a summary here.
Category: Security-updates
-
Windows 98 won’t see the MS06-15 patch
It turns out that Windows 98 is just too hard for Microsoft to support with a security patch for MS06-15 now. The official support period ends in July, but they’ve announced that this one won’t be getting a patch as the changes would be just too substantial. Some of the mitigation suggestions involve using restricted zones settings to limit ActiveX and Active Scripting. (Of course, installing something other than Windows 95/98/ME might be considered a mitigating factor as well.)
-
Microsoft June Patch Cycle heads up
It’s about that time again, folks… Monthly Microsoft patch cycle: June patches will be released on the 13th (next Tuesday) and it looks like a big batch. There should be 12 patches this time, and at least one of the Windows updates is critical and at least one of the Office updates is critical. It’s widely expected that an update will be released for the Word vulnerability that’s been talked about previously here. Also, there will be a change in the ActiveX behavior in Internet Explorer. That change had been scheduled to come out a few months back, but was postponed.
-
Firefox 1.5.0.4 RPMS for Mandriva 2006
Just an update to let you know I’ve recompiled the src rpms from Cooker for Mozilla 1.5.0.4 (for Mandriva 2006) and am uploading them to a subdirectory in http://www.averyjparker.com/wp-content/downloads/firefox/. (Look for the Mozilla-Firefox-1.5.0.4 subdirectory… thought it would be fairly obvious.) Anyway, I’ve put the src rpm in a subdirectory mysteriously named src… and the devel rpms in their own directory. As always, the rpms are without guarantee/warranty expressed or implied. They’ve worked for me (I’m typing this now from 1.5.0.4 under Mandriva…). If you find them useful – great. Updating this and this post to reflect updates.
-
Firefox 1.5.0.4 out….
I haven’t seen news of this yet, just found it on Mozilla.com, but the 1.5.0.4 release of Firefox seems to have been released sometime today. (1.5.0.4 of Thunderbird was announced earlier today.) I don’t know how quick Google is at directing to the new version of Firefox, but I’ll include a link in this message for those of you that don’t have it… Firefox is a very nice customizable, free (open source) web browser that I’ve found many people prefer to Internet Explorer for a number of reasons…
-
Windows Automatic Updates now checking Genuine Advantage…
According to ibnlive.com, starting today (June 1st) Microsoft will be utilizing their Genuine Advantage check through the Automatic Update feature. Up until now, you have only been prompted for the Genuine Advantage check when visiting the Windows Update site directly. (I can only assume the Genuine Advantage check is the method the article speaks of to verify if you have a licensed copy of Windows.) Essentially, they say they will not be taking details like name/address, but they will nag you that you have a pirated copy of Windows and updates will not be available.
-
RealVNC 4.1.1 and prior exploits on the loose
As reported over the last several days, there is a critical problem with RealVNC 4.1.1. There is NOW an exploit in the wild for RealVNC 4.1.1 that SANS is looking for more information on. There are updates from RealVNC for all affected product lines. Other VNC implementations have not been reported to be affected: only (as far as I know) RealVNC 4.1.1 on Windows (prior versions may be, but the initial report didn’t indicate 4.1.0 to be vulnerable). Don’t take the last sentence as an excuse NOT to check; check whether you have updates for your VNC product.
-
Firefox 1.5.0.3 RPMS for Mandriva 2006
I’m in the process of uploading an update to the Mozilla Firefox 1.5 rpms for Mandriva 2006 that I have posted previously on the site. They should be browsable at http://www.averyjparker.com/wp-content/downloads/firefox/. In that directory you’ll see the source rpm I built from, then a subdirectory for firefox-1.5.0.3 with the main rpms and a subdirectory of THAT with the devel rpms.
-
RealVNC 4.1.2 update to patch security vulnerability
A few hours back, I updated my first post on the RealVNC 4.1.1 vulnerability and just saw another story that did not specify WHICH variation of VNC was at risk. TightVNC and UltraVNC seem to be immune according to the discoverer of the flaw. And as far as I’ve seen, there hasn’t been any contradiction of that.
-
Microsoft fixes security fix….
Well, for the second month in a row (I don’t recall one in March…) Microsoft has re-released a patch for Windows. This time it’s the Flash patch (which really falls under 3rd party software). They’ve re-worked the version detection of the update in an attempt to solve all the problems that people have run into with this update. The MS Security blog information is here.