Monday, April 21, 2014

Oracle Critical Patch Update For Q2 of 2014

Oracle have released updates for their products that fix 104 security issues (including 37 Java fixes) in total. The updates are a part of Oracle's quarterly released critical patch update (CPU).

Detailed list of vulnerabilities with patching instructions can be read from Oracle CPU Advisory.

Next Oracle CPU is planned to be released in July 2014.

Friday, April 18, 2014

Vulnerability In Wireshark

There has been found a vulnerability in Wireshark, free open source program for analyzing network protocols. By exploiting the vulnerability an attacker may be able to make Wireshark crash, hang, or execute code by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

Vulnerable versions are: 1.10.0 - 1.10.3

Non vulnerable version of Wireshark can be downloaded here.

More information can be read from the related advisory.

Tuesday, April 15, 2014

ESET Global Threat Report for March 2014

ESET have published a report discussing global threats of March 2014.

TOP 10 threats list (previous ranking listed too):

1. WIN32/Bundpil (1.)
2. LNK/Agent.AK (2.)
3. Win32/Sality (3.)
4. INF/Autorun (4.)
5. Win32/Qhost (5.)
6. HTML/ScrInject (6.)
7. Win32/Conficker (8.)
8. Win32/Ramnit (7.)
9. Win32/Dorkbot (9.)
10. JS/Fbook (-)

Complete report (with a description about each of the above listed threats) can be downloaded here (in PDF format).

Friday, April 11, 2014

Google Chrome Updated

Google have released version 34.0.1847.116 of their Chrome web browser. Among other bug fixes the new version contains fixes to 31 security issues and also a new version ( of Flash Player.

More information in Google Chrome Releases blog.

Adobe Flash Player And Adobe AIR Updates Available

Adobe have released updated versions of their Flash Player and AIR. The new versions fix critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Affected versions:

- Users of Adobe Flash Player and earlier versions for Windows and Macintosh should update to Adobe Flash Player

- Users of Adobe Flash Player and earlier versions for Linux should update to Adobe Flash Player

- For users of Flash Player 11.7.700.272 and earlier versions for Windows and Macintosh, who cannot update to Flash Player, Adobe has made available the update Flash Player 11.7.700.275, which can be downloaded here. Beginning May 13, 2014, Adobe Flash Player 13 for Mac and Windows will replace version 11.7 as the extended support version. Adobe recommends users upgrade to version 13 to continue to receive security updates. See this blog post for further details.

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 10 and 11 (on Windows 8.0 and Windows 8.1) will be updated via Windows Update

- Users of Adobe AIR and earlier versions for Android should update to Adobe AIR

- Users of the Adobe AIR SDK and earlier versions should update to the Adobe AIR SDK.

- Users of the Adobe AIR SDK & Compiler and earlier versions should update to the Adobe AIR SDK & Compiler.

More information can be read from Adobe's security bulletin.

Wednesday, April 9, 2014

Microsoft Security Updates For April 2014

Microsoft have released security updates for April 2014. This month update contains four security bulletins of which two categorized as critical and two as important.

A new version of Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

Monday, April 7, 2014

What To Do With Computers Equipped With Windows XP?

Support for Windows XP is ending on April 8 2014. That means no new security patches for Windows XP will be released after that date. What to do if upgrading to a new operating system is not possible of a reason or another?

Here are some links about the subject: