Adobe has released updates for its Reader and Acrobat products in order to address several vulnerabilities that can be exploited to execute arbitrary code remotely.
The new 9.4.1 versions have only been released for Windows and Mac, with the UNIX updates scheduled to land on November 30.
Patched bugs include CVE-2010-4091, a memory corruption vulnerability disclosed as a zero-day at the beginning of the month.
Despite proof-of-concept exploit code being publicly available, no attacks exploiting this flaw have been detected in the wild so far.
There is reason to believe the issue has been known in some hacking circles since November 2009, when details about it were published on Russian-language blogs.
This milestone in the product lifecycle of XP has generated a range of questions, some easier to answer than others. Below you will find a list of frequently asked questions along with answers, some right from Microsoft. Hopefully, the FAQ will be sufficient to provide guidance for customers that need to make the transition from XP SP2 to more recent releases of Windows.
1. How will XP SP2 customers be impacted by end of support for the service pack?
Microsoft software products evolve constantly, with major products receiving upgrades dubbed service packs. In the case of XP SP2, the upgrade was indeed massive, with some company employees noting that Service Pack 2 for Windows Vista’s successor could easily have been considered an entirely new Windows release. The software giant only offers support for Service Packs for 12 to 24 months after a new release. This period varies, and is connected with the product family. In the specific case of XP SP2, July 13th, 2010 will mark two years since the release of Service Pack 3.
As it does every month, Microsoft has built an ISO image packaging all the security updates it released for supported versions of the Windows client and server operating systems via its monthly patch cycle.
The latest release, namely the February 2010 Security Release ISO Image, brings to the table the Windows patches offered on February 9th through Windows Update and Microsoft Update for Windows 7 and Windows Server 2008 R2, but also for older releases of the OS, such as Windows Vista and Windows XP.
Just a few days ago, the Redmond company released no less than 13 security bulletins patching a total of 26 vulnerabilities in Windows and Office. A total of 11 patch packages were designed to plug security holes in Windows. “As always, it is recommended that customers deploy all security updates as soon as possible.
Of the bulletins released this month, customers should prioritize and deploy MS10-006, MS10-007, MS10-008, MS10-013, and MS10-015, given Critical severity ratings and/or Exploitability Index ratings of 1 (‘Consistent Exploit Code Likely’),” Jerry Bryant, Sr. Security communications manager – lead, revealed.
Microsoft Network Monitor
Microsoft Network Monitor is a network protocol analyzer that lets you capture, view, and analyze network traffic. Version 3.3 of Network Monitor is available in 32- and 64-bit versions. Download it now.
Microsoft Baseline Security Analyzer
The Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool designed to help administrators of small and medium-sized businesses ensure that their Windows-based computers are secure. You can use MBSA to determine the security state of your computers in accordance with Microsoft security recommendations. MBSA also offers specific remediation guidance for security problems it detects, such as misconfigurations and missing security updates.
At the time of writing this, the current version was MBSA 2.1. This version is available in 32- and 64-bit versions, but it does not install on Windows 7. A new version that supports Windows 7 is due to be released sometime in the future. You can download the current version and get information regarding a version for Windows 7 at microsoft.com/mbsa/.
A DVD5 ISO image file containing all the security bulletins made available on November 10th, 2009 for all supported Windows platforms is now up for grabs via the Microsoft Download Center. As is the case every month, the Redmond company is accompanying the security patches it offers through Windows Update, Automatic Updates, and Microsoft Update with standalone downloads as well as with a package of updates. In this regard, the November 2009 Security Release ISO Image has become available for download earlier this week.
There are no fewer than six security updates packaged into the ISO image, four of which are now served through WU, AU, and MU to Windows users around the world. MS09-063, MS09-064, MS09-065, and MS09-066 are all designed to patch security vulnerabilities in Windows server and client platforms, including versions such as Windows Vista SP2 and Windows XP SP3.
“This DVD5 ISO image file contains the security updates for Windows released on Windows Update on November 10th, 2009. The image does not contain security updates for other Microsoft products. This DVD5 ISO image is intended for administrators that need to download multiple individual language versions of each security update and that do not use an automated solution such as Windows Server Update Services (WSUS). You can use this ISO image to download multiple updates in all languages at the same time,” Microsoft explained.