Tag: patch
-
Patch early, patch often, but don’t blindly trust every ‘patch’
Patching is important, but not everything that presents itself as a security patch is safe to install. Malwarebytes researcher Jérôme Segura has written a detailed analysis of the ‘FakeUpdates’ campaign, where thousands of websites with an out-of-date content management system have been compromised to spread malware. Rather than exploiting vulnerabilities in browsers or browser plug-ins, as…
-
File-stealing vulnerability found in Firefox PDF reader
Both Windows and Linux users actively being targeted. If, like me, you are suffering from vulnerability fatigue after so many flaws and weaknesses having been disclosed in Las Vegas this week, you may be tempted to ignore the advisory Mozilla released yesterday. However, I strongly advise you don’t. The company says it has been made…
-
Paper: Windows 10 patching process may leave enterprises vulnerable to zero-day attacks
Aryeh Goretsky gives advice on how to adapt to Windows 10’s patching strategy. Patching is hard, especially when the code base is old and the bugs are buried deeply. This was highlighted once again this week when Microsoft released a patch for a vulnerability that was thought to have been patched almost five years ago,…
-
Almost 50% increase in reported vulnerabilities as non-Windows operating systems lead the table
Each discovered vulnerability is actually a good news story. Last week, security firm GFI published some research in which it looked at the number of vulnerabilities reported last year, their severity, and which operating systems they affect. The surprising result is that Apple’s OS X and iOS lead the table, followed by the Linux…
-
Out-of-band patch released for all Windows versions
Kerberos bug means one set of credentials suffices to rule them all. If you are a Windows systems administrator, the content of this blog post will (hopefully) not come as a surprise. If it does, you should finish reading it quickly and make some time to apply the out-of-band patch MS14-068 to all Windows systems…
-
Recently discovered Java vulnerability being added to exploit kit
Kit ‘patched’ to include latest exploit; users urged to patch their software too. Security researcher and journalist Brian Krebs has found evidence that a recently discovered vulnerability in Java is being added to the ‘BlackHole’ exploit kit. The vulnerability was discovered a few weeks ago and makes use of the Rhino Script Engine to run…
-
Hefty Patch Tuesday bulletin rounds off bumper year
No sign of an end to vulnerability glut. Microsoft released its monthly Patch Tuesday security bulletin yesterday, with details of a hefty 17 alerts covering 40 separate vulnerabilities. Although only two of this month’s haul were marked as ‘Critical’, many others could be used to launch malicious attacks on vulnerable systems. The Critical alerts included…