WordPress Update 2.8.4

August 11th, 2009

Another update to the open source WordPress blogging platform has been released. This update is primarily a security update for a password reset flaw that was introduced with version 2.8.3. It is recommended that all WordPress blog admins update their copy of WordPress to 2.8.4 immediately. If you do not use Subversion to control your updates, we highly recommend you look into it, as it can dramatically speed up and simplify the process of updating your blog(s).

This flaw can compromise WordPress and WordPress MU installations using a simple browser-based exploit. Swa Frantzen at the SANS Internet Storm Center explains the problem in more detail:

Wordpress unauthenticated administrator password reset


Author: Christopher


Firefox patches SSL vulnerabilities

August 4th, 2009

Mozilla released Firefox 3.5.2 today, which patches two vulnerabilities related to how the browser uses SSL certificates. Updating to this version via the auto update should protect against man-in-the-middle attacks that were discovered by Dan Kaminsky (Mr. DNS) and Moxie Marlinspike at last week’s Black Hat conference.

We recommend upgrading to Firefox 3.5.2 across the board to eliminate this vulnerability.


Author: Christopher


Adobe patches more bugs

August 2nd, 2009

Last Thursday Adobe patched 12 bugs in their Flash application; three of these were caused by Microsoft. For at least a week hackers have been exploiting at least one of these vulnerabilities. You can find the full details of the security bulletin on Adobe’s website under Security Advisories.

The report refers to ten vulnerabilities that can potentially lead to compromised systems by allowing hackers to execute their own code. Windows, Mac, and Linux machines were addressed in this patch, although Solaris is still set for a future update.

On July 10th, Microsoft notified Adobe about vulnerabilities in Microsoft’s ATL (Active Template Library), two weeks prior to public announcement. Microsoft’s security team has been investigating ATL for flaws since early 2008. “[Microsoft] was moving very fast to pull resources together to help us do triage on our products,” said Brad Arkin, Adobe’s director for product security and privacy.

“The hard part was determining what was vulnerable,” said Brad. “It’s easy to rebuild a test version, but then we had to make sure [that] works and make sure we didn’t break it.”

Patched versions of the Flash Player for Windows, Mac and Linux can be downloaded from Adobe’s Web site. Users can use Flash’s built-in automatic update mechanism to grab the new versions.

It is a step in the right direction to see Adobe take vulnerabilities in their products more seriously and address these issues in a timely fashion.


Author: Christopher


Vista/Windows Server 2008 Service Pack 2

May 26th, 2009

Microsoft has released Vista & Windows Server Service Pack 2.

Download: Windows Vista and Windows Server 2008 SP2 x86 (5 Language Standalone)
Download: Windows Vista and Windows Server 2008 SP2 x64 (5 Language Standalone)

Eventually this update will be available through Automatic Windows Update.


Author: Christopher


Microsoft finally patches URI handling flaws

November 14th, 2007

If you have heard of maliciously rigged PDF files, then you have probably been waiting for Microsoft to patch this vulnerability, which they originally blamed Firefox for back in July. Known attack vectors exist in these applications when used with Internet Explorer 7:

  • Mozilla Firefox (2.0.0.5 and lower)
  • Skype (3.5.0.238 and lower)
  • Adobe Acrobat 8.1
  • Miranda 0.7
  • Netscape 7.1
  • mIRC chat for Windows

Back in early October, Microsoft released Security Advisory 943521 about the vulnerability and reports of remote code execution, with the promise of a new patch. As of today, the patch is released as security bulletin MS07-061.

Windows XP and Windows Server 2003 systems using Internet Explorer 7 should apply this patch as soon as possible.


Author: Christopher
