A Watchful UI

It is the November edition of Watchful UI. May your pumpkins become pie before the month is out.

Adobe has released an update for Shockwave Player to fix multiple critical vulnerabilities.

http://www.adobe.com/support/security/bulletins/apsb11-27.html

Apple released QuickTime 7.7.1 for Windows to address multiple vulnerabilities, including arbitrary code execution, denial of service, and disclosure of sensitive information.

http://support.apple.com/kb/HT5016

OS X 10.7.2 was released on Oct. 12. Nessus scans have been showing many computers that haven’t been updated yet.

http://support.apple.com/kb/HT5002

Google released Chrome 15.0.874.102 to address vulnerabilities including arbitrary code execution.

http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html

Microsoft released four patches on Nov 8th. Two of these are rated as important and one is rated as critical. These patches deal with remote code execution, elevation of privilege and denial of service.

http://technet.microsoft.com/en-us/security/bulletin/ms11-nov

Pay particular attention to MS11-083: remote, unauthenticated compromise by sending UDP packets to a CLOSED port. You would think a closed port would be unaffected, but apparently not on Windows. If attackers figure out how to exploit this reliably, it will be a Conficker-class worm in no time.

http://technet.microsoft.com/en-us/security/bulletin/ms11-083

Microsoft has also released a security advisory for the vulnerability in TrueType font parsing that is exploited by the Duqu malware.

http://technet.microsoft.com/en-us/security/advisory/2639658

Mozilla has updated Firefox to version 8.

http://www.mozilla.org/en-US/firefox/8.0/releasenotes/

Oracle released its Critical Patch Update and Java SE Critical Patch Update Advisory fixing over 77 vulnerabilities covering multiple products.

http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html

Please send us all comments and feedback!

Mitch Parks, GSEC/GCWN/GCFE
ITS Desktop Security Analyst

Zack Preston
ITS Desktop Security Assistant

Follow @UIITSecurity and @UIHelpDesk on Twitter for the latest articles and news.
