Threat Level: green Handler on Duty: Deborah Hale

SANS ISC: And let the patching games continue - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
And let the patching games continue
As we progress through the week more patches and updates are being released.  
 
Cisco has joined in with an Active X issue in the desktop client more info is here http://www.cisco.com/warp/public/707/cisco-sa-20100414-csd.shtml . The issue centres around the non-verification of code downloaded from a web page.
 
Apple has also released an update.  This one requires a restart.  The patch addresses CVE-2010-1120 which considering it credits Charlie Miller's is to address the prize winning exploit the other week. The issue relates to a malicious embedded font. Not much more info is here http://support.apple.com/kb/HT4131 
 

Joining the club is Adobe who is releasing their update as well to Reader and Acrobat http://www.adobe.com/support/security/bulletins/apsb10-09.html 

Update

Joining the "and me too" club is java with update 20.  Two security fixes by the looks of the release notes.  http://java.sun.com/javase/6/webnotes/6u20.html

 

Happy patching, as always test before doing production and Friday 5pm is never a good time to push out updates.

Mark H - Shearwater

Mark

392 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!