It is the November edition of Watchful UI. May your pumpkins become pie before the month is out.
Adobe has released an update for Shockwave Player to fix multiple critical vulnerabilities.
Apple released QuickTime 7.7.1 for Windows to address multiple vulnerabilities, including arbitrary code execution, denial of service, and disclosure of sensitive information.
OS X 10.7.2 was released on Oct. 12. Nessus scans have been showing many computers that haven’t been updated yet.
Google released Chrome 15.0.874.102 to address vulnerabilities including arbitrary code execution.
Microsoft released four patches on Nov 8th. Two of these are rated as important and one is rated as critical. These patches deal with remote code execution, elevation of privilege and denial of service.
Pay particular attention to MS11-083: remote, unauthenticated compromise by sending UDP packets to a CLOSED port. You would think a closed port would be unaffected, but apparently not on Windows. If attackers figure out how to exploit this reliably, it will be a Conficker-class worm in no time.
Microsoft has also released a security advisory for the TrueType font parsing vulnerability that is used by the Duqu malware.
Mozilla has updated Firefox to version 8.
Oracle released its Critical Patch Update and Java SE Critical Patch Update Advisory fixing over 77 vulnerabilities covering multiple products.
Please send us all comments and feedback!
Mitch Parks, GSEC/GCWN/GCFE
ITS Desktop Security Analyst
ITS Desktop Security Assistant