Last Updated: 2009-07-30 22:34:01 UTC
by Mark Hofman (Version: 1)
With the DNS issues, Microsoft OOB patch and the Flash issue a couple of other things may have slipped your attention. So whilst you are applying the MS patches keep in mind that there are a few more that may need applying in the near future.
Adobe has three bulletins out at the moment. The Flash issue, flash in IE and Shockwave. The flash patches should be hitting the street on the 31st a Shockwave upgrade is already available (more info here http://www.adobe.com/support/security/ ).
As mentioned in Bojan's diary entry the Internet Systems Consortium has a fixed version of bind available on their site. so make some time to upgrade that as soon as you can (of course after testing).
Cisco also had an advisory out this week Advisory ID: cisco-sa-20090729-bgp. There are two issues that affect certain version of the IOS that allow 4 byte AS numbers and have BGP enabled. Both issues will cause the device to reload. More details are here. Updates are available.
Another Cisco advisory earlier this week deals with their wireless LAN controllers which has four issues, three denial of service attacks using malformed requests using HTTP, HTTPS or SSH. The fourth is a malformed request which allows you to own the controller and thus the wireless network. If you are running these devices, patch. More info is here.
There are no doubt many, many more, but these should be near the top of your list. So if you are having fun at Blackhat and/or Defcon, make sure junior is on top of it.
Flash update is out already, Adobe Reader is still to come.
Mark - Shearwater