Patch Tuesday Security Briefing

Last month it poured when Microsoft released 17 security bulletins that addressed a total of 64 vulnerabilities. For today's Patch Tuesday, we have a light load; however, both patches address remote code execution and one is critical. So both require immediate attention. The critical patch MS11-035 Vulnerability in WINS addresses an issue with all supported versions of Windows server - 2003, 2008 and 2008 R2 and exposes the server to a remote code execution attack and should be a high priority if you're running any of the Windows server platforms. The second issue MS11-036 Vulnerability in PowerPoint addresses an issue in Microsoft PowerPoint for Microsoft Office for the Windows environment XP, 2003 and 2007 however Office 2010 is not impacted. Important to note that also impacted is Microsoft Office for the Mac.

Of further note are the recent changes to the Exploitability Index, which now reflects the likelihood of a vulnerability becoming the subject of an attack in the next 30 days. In addition, there is a new component called the "Denial of Service Risk Score" that can be used to determine the risk of a vulnerability becoming the subject of a Denial of Service attack. More details on the changes ...Read More »

Bulletins

» Highest Priority

» Important

Updates Outside of Microsoft

While it is Microsoft Patch Tuesday, as usual, Microsoft products are not the only ones that require patches. Other issues include a new Day Zero vulnerability discovered by VUPNEN for Google Chrome that bypasses the Sandboxing as well as ASLR/DEP protections without executing a kernel vulnerability. The exploit has been described as "very sophisticated" and works on all Windows systems 32/64 bit.

• A YouTube video of the exploit can be found here

Also, yesterday we learned that Skype issued a patch for a security hole in its Skype 5 client for Mac. The discovered vulnerability would have allowed potential hackers to build a self-replicating worm targeting Mac OS X. With today’s acquisition news, it seems we’ll be hearing about patches from Skype on the second Tuesday of the month from now on…

Apple Security Content

• Apple 2011-04-14 Security Update 2011-002 for Mac
• Apple iTunes 10.2.2 for Windows
• Apple 2011-04-14 Safari Update 5.0.5 for Mac

Adobe Security Content

• Adobe APSB11-07 AIR 2.6.0.19140 for Windows
• Adobe APSB11-07 Flash Player 10.2.159.1 for Windows/Mac
• Adobe APSB11-08 Acrobat 9.4.4 / 10.0.3 for Windows
• Adobe APSB11-08 Reader 9.4.4 for Windows/Mac
• Adobe APSB11-08 Reader X 10.0.3 for Mac

Mozilla Security Content

• Firefox 3.5.19 / Firefox 3.6.17 for Windows / Mac
• Firefox 4.0.1 for Windows / Mac