Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: And let the patching games continue - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
And let the patching games continue
As we progress through the week more patches and updates are being released.  
Cisco has joined in with an Active X issue in the desktop client more info is here . The issue centres around the non-verification of code downloaded from a web page.
Apple has also released an update.  This one requires a restart.  The patch addresses CVE-2010-1120 which considering it credits Charlie Miller's is to address the prize winning exploit the other week. The issue relates to a malicious embedded font. Not much more info is here 

Joining the club is Adobe who is releasing their update as well to Reader and Acrobat 


Joining the "and me too" club is java with update 20.  Two security fixes by the looks of the release notes.


Happy patching, as always test before doing production and Friday 5pm is never a good time to push out updates.

Mark H - Shearwater


392 Posts
ISC Handler
Apr 15th 2010

Sign Up for Free or Log In to start participating in the conversation!