Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - And let the patching games continue InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

And let the patching games continue

Published: 2010-04-14
Last Updated: 2010-04-15 04:39:07 UTC
by Mark Hofman (Version: 1)
0 comment(s)
As we progress through the week more patches and updates are being released.  
 
Cisco has joined in with an Active X issue in the desktop client more info is here http://www.cisco.com/warp/public/707/cisco-sa-20100414-csd.shtml . The issue centres around the non-verification of code downloaded from a web page.
 
Apple has also released an update.  This one requires a restart.  The patch addresses CVE-2010-1120 which considering it credits Charlie Miller's is to address the prize winning exploit the other week. The issue relates to a malicious embedded font. Not much more info is here http://support.apple.com/kb/HT4131 
 

Joining the club is Adobe who is releasing their update as well to Reader and Acrobat http://www.adobe.com/support/security/bulletins/apsb10-09.html 

Update

Joining the "and me too" club is java with update 20.  Two security fixes by the looks of the release notes.  http://java.sun.com/javase/6/webnotes/6u20.html

 

Happy patching, as always test before doing production and Friday 5pm is never a good time to push out updates.

Mark H - Shearwater

Keywords: Patching
0 comment(s)
Diary Archives