February looks to be a busy month for Microsoft administrators. According to the latest advanced patch notification, the Redmond-based software company plans to release a dozen security bulletins next Tuesday. The bulletins will fix security flaws in Windows, Internet Explorer (IE), Office, the .NET Framework, and Exchange server. Microsoft rates five of the bulletins as Critical, and the rest as Important.
This week is rife with security news. If you want the quick highlights, you’ve come to the right place. Today’s video covers a few Yahoo XSS vulnerabilities, some serious UPnP security flaws, and the alleged China-based hack of the New York Times. Watch the video below for details.
Red October, Cisco WLAN Updates, and Expelled Hacker
Welcome to another “on the road” edition of WatchGuard Security Week in Review, the video podcast dedicated to summarizing the biggest InfoSec stories each week. This week’s episode covers a Cisco wireless controller security update, Kaspersky’s investigation into the Red October cyber-espionage campaign, and the controversy surrounding an expelled “white hat” hacker. For more details on those stories and others, watch the short video below.
This week’s security video summary comes a tad late due to my travel schedule this week. It covers updates on the two latest zero day exploits, Oracle’s critical patch update, and stories about a mobile phone botnet and US power plant breach. Click play below to watch the short episode, or check out the References for more details.
Ready for a weekly dose of InfoSec? This episode has a strong “patch” theme, with many vendors releasing some big security updates this week. Besides the patches, I also cover a few new 0day exploits, including a serious Java one getting leveraged quite a bit in the wild, and a couple crazy sounding security-related news items. If you want all the details, click play below, or check out the Reference section.
Besides all the Windows and Windows component-related bulletins from today, Microsoft also released a relatively minor bulletin about two cross-site scripting (XSS) vulnerabilities that affect Microsoft System Center Operations Manager (SCOM) 2007.
If you, like me, are still basking in the afterglow of a relaxing holiday respite, the relentless re-introduction of Microsoft Patch Day may seem like a harsh reminder of some of the drudgery suffered by an InfoSec professional. Don’t get me wrong! Patching is one of the most effective ways of keeping your systems safe. Yet, its ceaseless nature can’t help but put me into a Sisyphean mood.
As part of today’s Patch Day, Microsoft released a security bulletin describing a serious security vulnerability in the Windows version of Word — part of the Microsoft Office package. The flaw doesn’t affect the Mac versions, but does affect the Word viewer and Office Compatibility Packs.
If you’re anything like me, your late December schedule is quickly filling with holiday parties, family activities, and seasonal days off. This means if you want to secure your Microsoft environment before the end of the year, you better get started earlier rather than later.
Like clockwork, Microsoft released their Advanced Notification post on Thursday, warning the world that they will release seven security bulletins for December. Next Tuesday’s bulletins will fix flaws in Windows, Office, and some of Microsoft’s Server Software.