Here is a review of this weeks Cert Advisory. Surprising number of Google Chrome issues this week, luckily Chrome is updated constantly and quietly without prompting. This is a weekly feature here at Managed Solutions.
Popularity: 2% [?]
Google Chrome Vulnerabilities – Joe Reviews SB10-053 Cert Report (Video)
February 24, 2010 By Leave a Comment
Run Windows Updates – Joe Reviews SB10-046 Cert Report (Video)
February 15, 2010 By Leave a Comment
Here is a review of this weeks Cert Advisory. This week is Microsoft triage week, there are a ton of 9.3 severity and above (out of 10) vulnerabilities. This is a weekly feature here at Managed Solutions. What can you do to protect yourself:
- Perform Windows updates when prompted or visit http://update.microsoft.com/windowsupdate
- Perform Office Updates if you use any of the Micrososft Office family products at http://office.microsoft.com
- Be cautious with file attachments and links in Email and practice more careful browsing habits.
Popularity: 2% [?]
Joe Reviews SB10-040 Cert Report (Video)
February 9, 2010 By Leave a Comment
Here is a review of this weeks Cert Advisory. The main highlight are the vulnerabilities in Internet Explorer version 5, which is not broadly used. This is a weekly feature here at Managed Solutions.
Popularity: 2% [?]
Joe Reviews SB10-32 Cert Report (Video)
February 1, 2010 By Leave a Comment
These are weekly reviews of the reports from CERT. The main highlights are some Realplayer vulnerabilities and the Cisco Unified Meeting Place. This is a weekly feature here at Managed Solutions.
Cisco Unified Meeting Place Bulletins
Popularity: 2% [?]
Joe Reviews SB10-25 Cert Report (Video)
January 25, 2010 By Leave a Comment
These are weekly reviews of the reports from CERT. Nothing too horrible this week, but I provide more insights into what to look for and why. I did review the Shockwave Player vulnerability after recording the video and determined that since it is not a common component for most of our audience it did not merit a separate bulletin and notice. This is a weekly feature here at Managed Solutions.
Popularity: 2% [?]
Update Your Adobe Acrobat Products Immediately
January 18, 2010 By 9 Comments
Here at Managed Solutions we do not raise the red flag often, but after reviewing the latest CERT advisory, we’ve done just that. Do not delay, upgrade your Adobe Acrobat and Acrobat Reader Products immediately to the latest version, apply the security patches or install adobe updater recommended updates. The US-CERT Bulletin for today SB10-018 indicates 6 different CVSS Score of 10 vulnerabilities for Adobe Acrobat and Acrobat Reader. Basically a CVSS Score of 10 indicates the highest threat level due to the remote code execution capability and these issues should be taken very seriously. There is a link at the bottom of this article to the resources at Adobe’s website as well as a download for the Windows Version of Adobe Acrobat, please pass the word.
Access the security updates
We’ve learned that some people are having problems downloading the update directly from Adobe’s website so we’ve put the Windows version of Adobe Acrobat Reader 9.3 here for download.
Popularity: 7% [?]
Sun Java Vulnerability
March 7, 2008 By Leave a Comment
We have received a notice from US-CERT about a security flaw involving Sun Microsystems Java Platform. The flaw affects JDK and JRE 6 Update 4 and earlier versions of Java. This flaw has been labelled critical, and we are prioritizing addressing this flaw with our customers.
Who should be concerned?
- Anyone who accesses the Internet with a Web Browser and/or using Java JRE 6 Update 4 and earlier (nearly everyone!).
If I meet the criteria that makes me vulnerable, what should I do?
- You should apply an update for Sun Java as soon as possible.
- You can download this update at java.com .
Where can I get more information about this problem?
Popularity: 1% [?]
IE7 and Adobe Security Alert
October 24, 2007 By Leave a Comment
We have received a notice from US-CERT about a security flaw involving Internet Explorer 7 and Adobe Acrobat. The flaw only affects windows based machines that have Internet Explorer 7 and Adobe Acrobat products. If you have both of these products installed your system could be compromised if you opened a pdf file that was crafted to exploit this flaw. This flaw has been labelled critical, and we are prioritizing addressing this flaw with our customers.
Who should be concerned?
- Anyone with both Internet Explorer version 7 and Adobe Acrobat installed.
- Anyone using Adobe Acrobat products version 8.1 or earlier in conjunction with Internet Explorer 7.
If I meet the criteria that makes me vulnerable, what should I do?
- You should avoid opening PDF files from untrusted sources.
- You should apply an update for your Adobe Acrobat as soon as possible.
- If unable to install an update, you should disable the mailto: URI handler on your Adobe Product (See Adobe Security Bulletin APSB07-18 for details on how to do this).
Where can I get more information about this problem?
- Adobe Security Bulletin APSB07-18
- US-CERT Advisory VU#403150
- Microsoft Security Advisory (943521)
- Registry fix to disable mailto: handler (Unsupported!)
Popularity: 1% [?]
3 Critical Updates for Microsoft Products
January 9, 2007 By Leave a Comment
There are some critical patches available today to address bugs in Internet Explorer (nearly all versions), Outlook (numerous versions) and Excel (numerous version). We recommend you take these precautions for the coming few days even if you are able to install the update.
- Exercise caution with your web access habits.
- Do not open any attachments in Outlook that you are not expecting.
- Delete any suspicious emails you receive.
These updates will be available immediately from microsoft, to download them manually:
We will also push these updates out to customers machines that have requested in advanced that we do so. If you would like to see to it that this is done for your systems please contact us. Otherwise advise your users that when prompted by windows update to install critical updates to do so. These issues are significant and could cause extensive problems if they were to be exploited on one or more of your systems.
It is likely that you will not actually be prompted to install these updates until Wednesday January 9th as most windows update servers synchronize early in the morning. Running a manually synchronization is not adding the updates as of the authoring of this notice.
If you’d like to read more about this:
Or:
Advisories for Week of January 8th @ Cert
Popularity: 1% [?]
Recent Comments