Patch Tuesday: Preview For August 2010
Wolfgang Kandek, 06/08/2010, posted in "Analysis"
As the CTO for Qualys, Wolfgang Kandek is responsible for product direction and all operational aspects of the QualysGuard platform and its infrastructure. Wolfgang has over 20 years of experience in developing and managing information systems. His focus has been on Unix-based server architectures and application delivery through the Internet. Prior to joining Qualys, Wolfgang was Director of Network Operations at the Online Music streaming company myplay.com and at iSyndicate, an Internet media syndication company. Earlier in his career, Wolfgang held a variety of technical positions at EDS, MCI and IBM. Wolfgang earned a Masters and a Bachelors degree in Computer Science from the Technical University of Darmstadt, Germany.
This August is bringing a record-setting number of updates from Microsoft. In addition to last week’s LNK update, there will be another 14 bulletins addressing 34 vulnerabilities that IT admins will have to take care of in the weeks after Patch Tuesday. Including the LNK update, 9 bulletins have a rating of critical and affect all versions of the Windows OS, Internet Explorer, Silverlight and Microsoft Office.
Windows 7 and 2008 R2 have a smaller number of critical vulnerabilities than Windows XP and 2003 thanks to their improved security architecture, but are still affected by 2 critical vulnerabilities each.
Internet Explorer, Office and Silverlight updates apply across the board on all Windows versions. They are examples of this increasingly used type of flaw, where attackers and malware go through the installed applications rather than through the core operating system.
Windows XP SP2 users do not have any patches supplied to them, even though the 5 critical vulnerabilities for XP SP3 most likely apply to their discontinued version of the OS as well. Windows XP SP2 users should upgrade to SP3 as quickly as possible.
Adobe Prenotification for August 2010
Adobe announced that they will publish an out-of-band update, APSB10-17, for a 0-day vulnerability published during Charlie Miller’s BlackHat talk. Charlie Miller’s BlackHat paper is the result of a collaboration with Prof. Dawn Song from UC Berkeley and a continuation of his fuzzing efforts first revealed at the CanSecWest conference. At the time, the tools he used were CrashWrangler and !exploitable, but it seems that BitBlaze, the tool from Prof. Song’s research group, provides much better insight into exploitable application crashes.