patch

Symantec declares PCAnywhere safe with latest security patch

PCAnywhere customers' computers are apparently safe again as long as they apply the latest security patch to the software.

Following news of the theft of the product's source code, Symantec last week advised customers to disable the software to guard against cyberattacks.

But a round of free upgrades released last week were aimed at cleaning up the vulnerabilities.

On January 23, Symantec released a patch to secure PCAnywhere 12.5. And then January 27, the company rolled out another patch directed toward PCAnywhere versions 12.0 and 12.1.

Posting the latest information about the security updates and the source code theft, … Read more

Oracle squashes 78 software bugs in latest patch

Oracle yesterday deployed 78 different security fixes aimed at patching holes throughout its various database products.

As part of the company's January critical patch update, 16 of the 78 fixes were considered critical, meaning they could be exploited remotely. The fixes stretched across much of Oracle's product lineup, including Oracle Database Server, Fusion Middleware, E-Business Suite, Oracle Sun products, MySQL, VirtualBox, and PeopleSoft.

One of the patches addresses a major flaw that could compromise the security of Oracle database systems. Initially researched by InfoWorld, the flaw was shared with Oracle before the tech publication went live with the … Read more

Microsoft finally vanquishes the BEAST-related bug

A Microsoft Windows update today fixes a weakness in the protocols used to secure e-commerce sites, which was first exposed by researchers using a tool they dubbed "BEAST."

Microsoft planned to release the BEAST (Browser Exploit Against SSL/TLS)-related patch last month, but had to pull it because it created compatibility issues with SAP software. Researchers had demonstrated the vulnerability using BEAST in September, prompting fears that attackers would use the tool to snoop on protected Internet sessions in what is called a "man-in-the-middle" attack. MS12-006 patches a hole in the Secure Sockets Layer and … Read more

Microsoft fixes Duqu hole, but not BEAST problem

Microsoft has finally patched a flaw being exploited by the Duqu Trojan, but a fix to protect Internet Explorer users from having their encrypted communications snooped on didn't quite make the cut.

As part of Patch Tuesday today Microsoft released 13 security bulletins, fixing 10 important bugs and three critical ones, according to the advisory.

MS11-087 fixes a critical hole in the TrueType font handling in the Windows kernel that could allow an attacker to take control of a machine. It has been used in the wild to infect systems with the Duqu malware. "Now that the patch … Read more

The 404 957: Where the world's gone sour (podcast)

Leaked from 404 Podcast 957:

A researcher shows how to "friend" anyone on Facebook within 24 hours. Online casino gaming might come to Facebook users in the U.K. Siri on the Apple iPhone 4S tells you where to dump a dead body and where to score condoms, but has no clue about women's health clinics. Capcom seriously announces a Sour Patch Kids game with Method Man. GamePro magazine will quit publishing.… Read more

Flash scrapped for mobile browsers

Hewlett-Packard mulls what to do with WebOS, Asus unveils a powerful tablet, and Adobe ceases development of a Flash Player plug-in for mobile devices.

Links from Wednesday's episode of Loaded:

Adobe stops development on mobile Flash plug-in HP deciding fate of WebOS Windows security update available Asus Eee Pad Transformer Prime Starbucks gets merry with augmented reality Subscribe:  iTunes (MP3) |  iTunes (320x180) |  iTunes (HD) |  RSS (MP3) |  RSS (320x180) |  RSS HD

Microsoft patches critical Windows bug, but not Duqu flaw

Microsoft released a security update to fix one critical and three less serious Windows holes but is still working on a patch for a flaw being exploited by the Duqu Trojan.

The most serious of the updates is MS11-083, which could allow an attacker to take over a computer by sending a large number of malicious UDP packets to a closed port on a target system, the Patch Tuesday security bulletin said. It plugs a vulnerability in the TCP/IP stack in Windows 7, Vista, and Server 2008.

"Since this vulnerability does not require any user interaction or authentication, … Read more

Microsoft issues temporary fix for critical Windows hole

Microsoft issued a temporary fix this evening for a previously unknown critical Windows vulnerability being exploited by the Duqu Trojan to infect systems.

The software giant said in an advisory issued late tonight that a flaw in the Win32k TrueType font-parsing engine affected every version of Windows from XP through Windows 7. The vulnerability is related to the spread of the Duqu malware, a Stuxnet-like Trojan infecting computers via a Word document.

"An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode," the advisory warned. "The attacker could then install programs; view, change, … Read more

Microsoft patches IE9 with new security update

Microsoft has released a new update for Internet Explorer 9 that aims to patch several outstanding security holes.

Available through Windows Update since Tuesday, the security update is rated critical by Microsoft, which means that people who have Windows Update set to "install updates automatically" will automatically receive it.

Users who haven't enabled that option are advised to install the update manually from Windows Update. IT administrators who support large organizations should also apply the update with whatever patch management software they use in-house.

The update targets eight vulnerabilities in IE9, some of which could let a … Read more