Wednesday, August 10, 2011

August Windows Updates critical, require reboot

It has been too long since I posted here.  Microsoft's July update cycle was a small one with only one critical patch affecting Windows Vista/7 users, so I didn't bother blogging about it. However, the August patch set is much larger -- two critical patches including one for Internet Explorer which Microsoft says is likely to be exploited soon. The updates for M$ Windows and Microsoft Office require a reboot. Combine that with a surprise release of new versions of Adobe Flash Player and Adobe Shockwave Player and system admins are going to be busy this week.

July updates:
ISC Diary | Microsoft July 2011 Black Tuesday Overview
Overview of the July 2011 Microsoft patches and their status.

Microsoft warns of critical security hole in Bluetooth stack | ZDNet
Microsoft today shipped four security bulletins with patches for 22 serious security flaws and called special attention to a vulnerability in the Windows Bluetooth stack that could allow hackers to remotely take control of an affected computer.

The vulnerability, fixed with MS11-053, headlines a batch of updates that include fixes for gaping holes in the Windows kernel and security problems in the Windows Client/Server Run-time Subsystem.
Microsoft Fixes Scary Bluetooth Flaw, 21 Others — Krebs on Security
Microsoft today released updates to fix at least 22 security flaws in its Windows operating systems and other software. The sole critical patch from this month’s batch addresses an unusual Bluetooth vulnerability that could let nearby attackers break into vulnerable systems even when the targeted computer is not connected to a network.

Adobe Patches:
Microsoft Security Bulletin Summary for July 2011

ISC Diary | Adobe August 2011 Black Tuesday Overview
Although none of us seems to have seen any warning, Adobe has released 5 bulletins today.

These update Adobe products to the following versions:

* Adobe Shockwave Player 11.6.1.629
* Flash Media Server 4.0.3 (or 3.5.7 if you are using 3.x)
* Adobe Flash Player
o Android 10.3.186.3
o Windows, OS X, Solaris, Linux 10.3.183.5
* Adobe Air 2.7.1
* Photoshop version is not changed by the update.
* Robohelp version is not changed, but version 9.0.1.262 is not vulnerable.

August updates:
ISC Diary | Microsoft August 2011 Black Tuesday Overview
Multiple vulnerabilities in Internet Explorer allow random code execution with the rights of the logged on user and information leaks. Replaces MS11-050.
Assessing the risk of the August security updates - Security Research & Defense - Site Home - TechNet Blogs
Today we released 13 security bulletins. Two have a maximum severity rating of Critical, nine have a maximum severity rating of Important, and two have a maximum severity rating of Moderate. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.
Microsoft expecting exploits for critical IE vulnerabilities | ZDNet
By Ryan Naraine | August 9, 2011, 12:11pm PDT

Microsoft today warned that multiple gaping security holes in its Internet Explorer browser could expose millions of Web surfers to hacker attacks via rigged web pages.

As part of this months’ Patch Tuesday release, Microsoft shipped a “critical” IE bulletin (MS11-057) with fixes for total of 7 security flaws. Two of the vulnerabilities were publicly discussed prior to the availability of the patch.

The company expects to see reliable exploits developed within the next 30 days.

Because these vulnerabilities expose IE and Windows users to drive-by download attacks without any user action beyond surfing to a booby-trapped web site, Microsoft is strongly recommending that all Windows users apply the patch immediately.

The IE update is rated “critical” for Internet Explorer 6 on Windows clients, and for Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9; and Important for Internet Explorer 6 on Windows servers.
Microsoft Security Bulletin Summary for August 2011
This bulletin summary lists security bulletins released for August 2011.

No comments: