Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2008-02-08 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Firefox 2.0.0.12 is out

Published: 2008-02-08
Last Updated: 2008-02-09 00:07:20 UTC
by Jim Clausing (Version: 3)
2 comment(s)

Just a heads up, Firefox 2.0.0.12 is available for manual download via the links on http://www.mozilla.com which means in the next 24 hours we're likely to see it available for automatic download.  The known vulnerabilities page lists 10 issues (3 critical) fixed in this release.  Thanx, to roseman for the heads up.

Update: (2008-02-08 16:10 UTC) It just showed up automatically for me. --jac

 

Update 2:

CVEs are now posted: CVE-2008-0412, CVE-2008-0413, CVE-2008-0414, CVE-2008-0415, CVE-2008-0416, CVE-2008-0417, CVE-2008-0418, CVE-2008-0419, CVE-2008-0591, CVE-2008-0592

Keywords:
2 comment(s)

12, count 'em 12 Microsoft Bulletins coming Tuesday

Published: 2008-02-08
Last Updated: 2008-02-08 16:52:52 UTC
by Jim Clausing (Version: 2)
0 comment(s)

Get some good sleep over the weekend because Microsoft has announced that they intend to release 12 bulletins (7 ranked as critical, by Microsoft, which means 'can result in remote code execution') on Tuesday.  The overview can be found here

Update: Also, take a look at the MSRC blog post.

Keywords:
0 comment(s)

Multiple vulnerabilities in commonly used client software

Published: 2008-02-08
Last Updated: 2008-02-08 02:28:57 UTC
by Raul Siles (Version: 1)
1 comment(s)

The last couple of days have brought up multiple serious vulnerabilities in very commonly used client software:

As you already know, clients are one of the main targets for attacks nowadays. Ensure your automatic software update mechanisms are working properly or go back to the manual update process, but please, patch! BTW, based on a quick test, at this time only some of the new updates already show up on the automatic update features of the affected products: Adobe Reader and Firefox do, while Quick Time does not.

A topic I have been researching a little bit about recently is "update tools for third-party client applications". What tools do you use to manage updates on commonly used third-party client tools, apart from the expensive corporate solutions? Please, send us your suggestions and I will summarize in a future post.

-- Raul Siles
www.raulsiles.com

 

Keywords:
1 comment(s)
Diary Archives