Monday, July 12, 2010

Quick Notes after a driving vacation

Since the last time I posted I have driven 7,000 miles, from Tucson, Arizona, to Mt. Desert Island and Acadia National Park in Maine, and back. Most of the driving west of the Mississippi and about half the driving east of it was on non-Interstate highways to avoid traffic. I need a vacation to recover from my vacation.

Of course, the Bad Guys don't take vacations, or if they do, they don't all take them at the same time. Updates galore happened while I was away:

Google Releases Chrome 5.0.375.99
added July 7, 2010 at 08:46 am

Google has released Chrome 5.0.375.99 for Linux, Mac, and Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

Mozilla Firefox 3.6.6 (updated Tue 13 Jul 2010 06:50)
What’s New in Firefox 3.6.6
Firefox 3.6.6 modifies the crash protection feature to increase the amount of time that plugins are allowed to be non-responsive before being terminated.

Please see the complete list of changes in this version. You may also be interested in the Firefox 3.6.4 release notes for a list of changes in the previous version.

Adobe Releases Update for Adobe Reader and Adobe Acrobat
added June 29, 2010 at 02:03 pm

Adobe has released an update for Reader and Acrobat to address multiple vulnerabilities. These vulnerabilities affect the following versions:

* Adobe Reader 9.3.2 and earlier versions for Windows, Macintosh, and UNIX
* Adobe Acrobat 9.3.2 and earlier versions for Windows and Macintosh

Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.
ASF Note: version 8.2.3 was also released. Administrators can get .MSP installer files from and Official Adobe Security Bulletin page here: Adobe - Security Bulletins: APSB10-15 - Security updates available for Adobe Reader and Acrobat. Home users should use "Check for Updates" on the "Help" menu.

Sunbelt Blog: Patch Tuesday coming [next] week
Microsoft has issued advance notification for the July patch on Tuesday. Four bulletins are expected.

Security bulletins will be issued for Microsoft Windows (two critical bulletins fixing vulnerabilities that could allow remote execution of code) and two for Microsoft Office (one critical and one important – both fix vulnerabilities that could allow remote code execution.)

The patches will include a fix for the vulnerability in Windows Help and Support Center (XP and Server 2003 only) that can allow execution of code from malicious Web pages or malicious links in e-mail (CVE-2010-1885). There were reports of the vulnerability being exploited after Google researcher Tavis Ormandy made public proof of concept code earlier this month.

This month also marks the end date for support for Windows XP SP2 and Windows 2000.
Note: If you are still running any Windows 2000 systems, PATCH THEM THIS TUESDAY as Microsoft will no longer provide Windows Updates for Windows 2000 after Tuesday.
Last Patch Tuesday for Windows 2000 and Windows XP SP2
... As of July 13, 2010, there will be no new security updates, non-security hotfixes, or option to engage Microsoft product development resources, just like Windows XP SP2.

In addition, though, Windows 2000 will no longer have access to free or paid support options, and there will be no further updates to online support content. The solution for Windows 2000 is not as easy either.

No comments: