July 23, 2010
· Filed under Patch Management, Uncategorized · Tagged Patch, Mozilla, Apple
There were quite a few critical patches released this week. Some of these, such as Firefox, were expected. Mozilla just released an updated version for the Firefox browser. This is the second critical Firefox release just this week.
Mozilla Firefox 3.6.8
- Released 7/23/2010
- Fixes: 1 Critical Vulnerability
Mozilla Thunderbird 3.0.6
- Released 7/20/2010
- Fixes: 4 Critical Vulnerabilities; 1 High Vulnerability; 2 Moderate Vulnerabilities
Mozilla Thunderbird 3.1.1
- Released 7/20/2010
- Fixes: 5 Critical Vulnerabilities; 2 High Vulnerabilities; 3 Moderate Vulnerabilities
Mozilla SeaMonkey 2.0.6
- Released 7/20/2010
- Fixes: 7 Critical Vulnerabilities; 1 High Vulnerability; 3 Moderate Vulnerabilities
Mozilla Firefox 3.5.11
- Released 7/20/2010
- Fixes: 7 Critical Vulnerabilities; 1 High Vulnerability; 3 Moderate Vulnerabilities
Mozilla Firefox 3.6.7
- Released 7/20/2010
- Fixes: 8 Critical Vulnerabilities; 2 High Vulnerabilities; 4 Moderate Vulnerabilities
Apple iTunes 9.2.1
- Released 7/19/2010
- Fixes: CVE-2010-1777
- It is important to note a special case with QuickTime in this installer. If you do not have QuickTime currently installed, the iTunes installer will install version 7.66.73.0. QuickTime version 7.66.71.0 is the version publically available on Apple’s site. I did not see any release notes around this minor update, so I expect this is a minor fix that is not security related.
- Jason Miller
April 28, 2010
· Filed under Patch Management, Uncategorized · Tagged Apple
Apple has just released a new version of iTunes. iTunes 9.1.1 appears to be a maintenance release with no security fixes. Apple can be a bit slow on announce security fixes, so stay tuned.
Details on iTunes 9.1.1 can be found here.
This version of iTunes will still deploy QuickTime 7.6.6 as there was no update for QuickTime. On the Apple Application Support front, the installer still fails to install AAS when deployed silently. Like QuickTime, AAS did not get an upgrade as it is still at version 1.2.1.
- Jason Miller
February 13, 2010
· Filed under Uncategorized · Tagged Adobe, Patch
If you are still patching for February Patch Tuesday, you will want to consider patching Adobe Flash. Adobe has released a new version of Adobe Flash with version 10.0.45.2. Adobe Flash versions 10.0.42.34 and earlier should be patched. This patch addresses 2 security vulnerabilities rated as Critical.
Adobe AIR has a new version available as well.
Adobe also announced they will be releasing a security update for Adobe Reader and Acrobat next Tuesday, February 16. This update will address vulnerabilities rated as Critical.
- Jason Miller
November 5, 2009
· Filed under Uncategorized
Today, Microsoft announced the Advanced Notification for the November 2009 patch day. They are planning on releasing six new bulletins. These six bulletins address 15 vulnerabilities.
- Three bulletins are rated as Critical.
- Three bulletins are rated as Important.
- Five bulletins can lead to Remote Code Execution.
- One bulletin can lead to Denial Of Service.
- Four bulletins affect the Windows Operating System.
All operating systems are affected except Windows 7.
- Two bulletins affect Microsoft Office.
Microsoft Excel, Word and Excel Viewer are affected
Adobe released their quarterly security bulletin update last month, so there is no current planned release for Adobe this month.
More information regarding the bulletins will be released next Tuesday as Patch Day hits. This month, administrators are getting a bit of a break compared to last month. Six bulletins that affect pretty much any machine on your network can be painful, but this patch day will not be as bad as October’s Patch Day.
- Jason
