Monday, May 23, 2016

Microsoft Security Intelligence Report Volume 20 Released

Microsoft have released volume 20 of their Security Intelligence Report (SIR). The SIR is an investigation of the current threat landscape. The report can be downloaded here.

Monday, May 16, 2016

Google Chrome Updated

Google have released version 50.0.2661.102 of their Chrome web browser. The new version contains five security vulnerability fixes. More information about the changes is available in the Google Chrome Releases blog.

Adobe Flash Player And Adobe AIR Updates Available

Adobe have released updated versions of their Flash Player and AIR. The new versions fix critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Affected versions:
- Users of Adobe Flash Player 21.0.0.226 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 21.0.0.242

- Users of Adobe Flash Player 11.2.202.616 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.621

- Flash Player integrated with Google Chrome will be updated by Google via Chrome update

- Flash Player integrated with Internet Explorer 11 (on Windows 8.x and Windows 10) and Microsoft Edge (Windows 10) will be updated via Windows Update

- Users of the Adobe AIR 21.0.0.198 SDK & Compiler and earlier versions should update to the Adobe AIR 21.0.0.215 SDK & Compiler

- Users of Adobe AIR 21.0.0.198 and earlier versions for Desktop Runtime should update to Adobe AIR 21.0.0.215.


More information can be read from Adobe's security bulletin.

Wednesday, May 11, 2016

Adobe Reader And Acrobat Security Updates

Adobe have released security updates to fix some vulnerabilities in their PDF products, Adobe Reader and Adobe Acrobat. The vulnerabilities could allow an attacker to take over the affected system.

Affected versions:
* Acrobat DC and Acrobat Reader DC, continuous track: version 15.016.20039 and earlier

* Acrobat DC and Acrobat Reader DC, classic track: version 15.006.30172 and earlier

* XI series (11.x): Adobe Reader 11.0.16 and earlier, Adobe Acrobat 11.0.16 and earlier


Users of vulnerable versions are instructed to update either by using the automatic update functionality or by downloading a fresh version manually. The default installation configuration runs automatic updates on a regular schedule, and an update check can also be started manually by choosing Help > Check for Updates.

Those who want to upgrade manually can download the latest versions from the links below:
Adobe Reader
Acrobat Standard and Pro

More information about fixed vulnerabilities can be read from Adobe's security bulletin.

Adobe ColdFusion Hotfix Available

Adobe have released updated versions of the ColdFusion web application development platform. These hotfixes resolve an input validation issue (CVE-2016-1113) and a host name verification problem with wildcard certificates (CVE-2016-1115), and include an updated version of the Apache Commons Collections library to mitigate Java deserialization (CVE-2016-1114).

Affected versions:
- ColdFusion 2016 release and versions 10 & 11


More information can be read from Adobe's security bulletin.

Microsoft Security Updates For May 2016

Microsoft have released security updates for May 2016. This month's update contains 16 security bulletins, of which eight are categorized as critical and eight as important.

A new version of the Windows Malicious Software Removal Tool (MSRT) was also released.

More information can be read from the bulletin summary.

WordPress 4.5.2 Released

A new version of WordPress (blogging tool and content management system) has been released, containing fixes for security vulnerabilities. The fixed vulnerabilities are related to third-party libraries (Plupload and MediaElement.js) used in WordPress.

Affected versions:
WordPress versions earlier than 4.5.2

More information can be read from the WordPress blog. There is also information regarding vulnerabilities in the ImageMagick add-on, which is supported in WordPress. The information can be accessed here.