Archive for Uncategorized

This Week In Patching – 7/23/2010

There were quite a few critical patches released this week.  Some of these, such as Firefox, were expected.  Mozilla just released an updated version for the Firefox browser.  This is the second critical Firefox release just this week.

Mozilla Firefox 3.6.8

  • Released 7/23/2010
  • Fixes:  1 Critical Vulnerability

 

Mozilla Thunderbird 3.0.6

  • Released 7/20/2010
  • Fixes:  4 Critical Vulnerabilities; 1 High Vulnerability; 2 Moderate Vulnerabilities 

 

Mozilla Thunderbird 3.1.1

  • Released 7/20/2010
  • Fixes:  5 Critical Vulnerabilities; 2 High Vulnerabilities; 3 Moderate Vulnerabilities

 

Mozilla SeaMonkey 2.0.6

  • Released 7/20/2010
  • Fixes:  7 Critical Vulnerabilities; 1 High Vulnerability; 3 Moderate Vulnerabilities

 

Mozilla Firefox 3.5.11

  • Released 7/20/2010
  • Fixes: 7 Critical Vulnerabilities; 1 High Vulnerability; 3 Moderate Vulnerabilities

 

Mozilla Firefox 3.6.7

  • Released 7/20/2010
  • Fixes:  8 Critical Vulnerabilities; 2 High Vulnerabilities; 4 Moderate Vulnerabilities

 

Apple iTunes 9.2.1

  • Released 7/19/2010
  • Fixes:  CVE-2010-1777
  • It is important to note a special case with QuickTime in this installer.  If you do not have QuickTime currently installed, the iTunes installer will install version 7.66.73.0.  QuickTime version 7.66.71.0 is the version publically available on Apple’s site.  I did not see any release notes around this minor update, so I expect this is a minor fix that is not security related.

 

- Jason Miller

Leave a comment »

iTunes 9.1.1 Now Available

Apple has just released a new version of iTunes.  iTunes 9.1.1 appears to be a maintenance release with no security fixes.  Apple can be a bit slow on announce security fixes, so stay tuned.

Details on iTunes 9.1.1 can be found here.

This version of iTunes will still deploy QuickTime 7.6.6 as there was no update for QuickTime.  On the Apple Application Support front, the installer still fails to install AAS when deployed silently.  Like QuickTime, AAS did not get an upgrade as it is still at version 1.2.1.

- Jason Miller

Comments (2) »

New Version Of Adobe Flash Available / Reader Coming Soon

If you are still patching for February Patch Tuesday, you will want to consider patching Adobe Flash.  Adobe has released a new version of Adobe Flash with version 10.0.45.2.  Adobe Flash versions 10.0.42.34 and earlier should be patched.  This patch addresses 2 security vulnerabilities rated as Critical.

Adobe AIR has a new version available as well.

Adobe also announced they will be releasing a security update for Adobe Reader and Acrobat next Tuesday, February 16.  This update will address vulnerabilities rated as Critical.

- Jason Miller

Leave a comment »

November Patch Tuesday Advanced Notification

Today, Microsoft announced the Advanced Notification for the November 2009 patch day.  They are planning on releasing six new bulletins.  These six bulletins address 15 vulnerabilities.

  • Three bulletins are rated as Critical.
  • Three bulletins are rated as Important.
  • Five bulletins can lead to Remote Code Execution.
  • One bulletin can lead to Denial Of Service.
  • Four bulletins affect the Windows Operating System.
    All operating systems are affected except Windows 7.
  • Two bulletins affect Microsoft Office.
    Microsoft Excel, Word and Excel Viewer are affected

Adobe released their quarterly security bulletin update last month, so there is no current planned release for Adobe this month.

More information regarding the bulletins will be released next Tuesday as Patch Day hits.  This month, administrators are getting a bit of a break compared to last month.  Six bulletins that affect pretty much any machine on your network can be painful, but this patch day will not be as bad as October’s Patch Day.

- Jason

Leave a comment »