patches

Scan your programs for security updates with Secunia PSI

Earlier this week, security company Secunia released a beta version of a new, free tool that scans all of your installed applications and analyzes their security patch statuses. The Secunia Personal Software Inspector evaluates all of the installed programs on your computer and compares them to a list of over 4,200 software programs.

After the scan is complete, Secunia PSI will categorize each program as "Up-To-Date" (everything is OK), "Insecure" (you've got an outdated version), or "End-of-Life" (your version is no longer supported). The results table presents the name and version number of your install app; each--when clicked--takes you to a page that gives more information about that program.… Read more

Microsoft fixes 11 flaws in six patches; three are critical

Microsoft has released its July 2007 security bulletin, which includes six updates: three are designated "critical" by the software giant; two are deemed "important," and one is ranked "moderate." Two affect Microsoft Office, and one affects the Windows Vista Firewall. This patch cycles also addresses one flaw first reported in 2005. To keep your Windows XP SP1 system secure, update to Windows XP SP2 today. All Microsoft security patches for Windows and Office software are available via Microsoft Update or via the individual bulletins detailed below.

MS07-036: Critical Titled "Vulnerabilities in Microsoft Excel … Read more

Microsoft announces six patches coming in July

As part of its July 2007 Patch Tuesday, Microsoft will patch at least six vulnerabilities. Three of the patches are deemed "critical" by Microsoft and affect software for Excel, Windows, and .Net Framework. Two are deemed "important" and affect software for Publisher and Windows XP. One is deemed "moderate" and affects Windows Vista. Details will be released on Tuesday, July 10, 2007.

iHype: Is the iPhone today's Cabbage Patch Kids?

My friend Chad, a techie and savvy lawyer at a tech firm, and I had lunch today where we spent more time pawing at my iPhone than catching up. He said to me that he's been reading blog after blog, review after review and lusting after one of these puppies. Apparently, there are now outages of the 8 gig, which validated my 10-hour wait, in some part.

Anyway, in the midst of sitting at a street cafe on Belden Lane on a sunny day in San Francisco we were more focused on the hot little item in our hands … Read more

Java Web Start security flaw patched

How about a security patch to take that bitter edge off your Java brew?

Sun Microsystems issued a security update on Thursday that is designed to patch vulnerabilities in its Java Web Start application, which allows software for the Java platform to be launched using a Web browser.

The security flaws, described as "highly critical," were found in Java Web Start versions JDK and JRE 5.0 Update 11 and earlier, as well as Java Web Start in SDK and, on Windows, version JRE 1.4.2_13 and earlier, according to a security advisory by Secunia.

Sun issued … Read more

Trillian critical security update released

Cerulean Studios on Monday released a "highly critical" security update for its Trillian multi-protocol chat software.

Attackers could exploit vulnerabilities in the character encoding for Trillian 3.1.5.1--specifically, the word-wrapping handling of UTF-8, the Unicode Transformation Format used for encoding characters in e-mail, instant messages and Web pages, iDefense Labs warned in its security advisory. The vulnerabilities potentially could affect earlier versions of the Trillian software as well, iDefense said.

Trillian, which supports Yahoo's Instant Messenger, AOL's AIM, MSN Messenger, and Internet-relay chat and ICQ ("I seek you") instant-messaging protocols, could be … Read more

Schannel zero-day exploit released

Only hours after Microsoft released a patch for the Windows Schannel Security Package, the researcher who discovered the vulnerability, Thomas Lim of COSEINC, released a public exploit for it. According to Microsoft, the Schannel security package implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Internet standard authentication protocols. This vulnerability could allow remote code execution if a user viewed a specially crafted Web page or used an application that makes use of SSL/TLS.

In an e-mail to the Full Disclosure mailing list, Lim said that he discovered the vulnerability on August 28, 2006, and reported it … Read more

Microsoft fixes 15 flaws with six patches; four considered critical

Microsoft has released its June 2007 security bulletin, which includes six updates: four are designated Critical by the software giant. Two of the patches affect Windows Vista, with one Critical patch specific to Internet Explorer. One of the Important patches affects Microsoft Office. To keep your Windows XP SP1 system secure, update to Windows XP SP2 today. All Microsoft security patches for Windows and Office software are available via Microsoft Update or via the individual bulletins detailed below.

MS07-030: ImportantEntitled "Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (927051)," this bulletin affects users of Microsoft Visio … Read more

Yahoo releases critical security patch for IM

Yahoo has issued a critical security patch for Messenger to address zero-day exploits that take advantage of vulnerabilities in its Webcam ActiveX controls.

The exploits to instant messaging surfaced Wednesday, less than 24 hours after the vulnerabilities were first reported to Yahoo by eEye Digital Security.

People could find their systems at risk if they visit malicious Web sites or view other malicious HTML code. The attackers could then exploit security flaws in the Yahoo Webcam ActiveX control, a software package that is downloaded with Messenger.… Read more