A new release for Firefox 3.6 has been issued by Mozilla, settings the latest official stable build to 3.6.8. The new edition of the highly popular web browser comes only with one stability fix to a problem that occurred on some pages containing plugins.
Mozilla Foundation Security Advisory titled the issue the “dangling pointer crash regression from plugin parameter array” and labeled it as having critical impact. The problem was discovered by Mozilla developer Daniel Holbert, who reported on July 20 that the fix to the plugin parameter array crash that had been introduced in the earlier Firefox build (3.6.7) unleashed a crash that showed signs of memory corruption. As an effect of this, the plugin instance’s parameter array could be freed too soon in some cases, leaving a dangling pointer that could be called by the plugin. This translates into the risk of executing attacker-controlled memory. More »
Microsoft plans to plug no less than 34 security holes in Windows, office and Internet Explorer come June 8th, 2010. The move is part of the company’s monthly patch cycle scheduled for release on patch-Tuesday, the second Tuesday of every month.
There will be a total of 10 security bulletins as a part of the June update release, three of which carry the maximum severity rating of Critical, meaning that they are designed to patch vulnerabilities, which, in the eventuality of a successful exploit could allow attackers to perform remote code execution on a vulnerable system.
“Six of the bulletins affect Windows; of those, two carry a Critical severity rating and four are rated Important. Two bulletins, both with a severity rating of Important, affect Microsoft Office. One bulletin, again with a severity rating of Important, affects both Windows and Office. More »
As it does every month, Microsoft has built an ISO image packaging all the security updates it released for supported versions of the Windows client and server operating systems via its monthly patch cycle.
The latest release, namely the February 2010 Security Release ISO Image, brings to the table the Windows patches offered on February 9th through the Windows Update and Microsoft Update for Windows 7 and Windows Server 2008 R2, but also older releases of the OS, such as Windows Vista and Windows XP.
Just a few days ago, the Redmond company released no less than 13 security bulletins patching a total of 26 vulnerabilities in Windows and Office. A total of 11 patch packages were designed to plug security holes in Windows. “As always, it is recommended that customers deploy all security updates as soon as possible.
Of the bulletins released this month, customers should prioritize and deploy MS10-006, MS10-007, MS10-008, MS10-013, and MS10-015, given Critical severity ratings and/or Exploitability Index ratings of 1 (‘Consistent Exploit Code Likely’),” Jerry Bryant, Sr. Security communications manager – lead, revealed. More »
A DVD5 ISO image file containing all the security bulletins made available on November 10th, 2009 for all supported Windows platforms, is now up for grabs via the Microsoft Download Center. As is the case every month, the Redmond company is accompanying the security patched it offers through Windows Update, Automatic Updates, and Microsoft Update with standalone downloads as well as with a package of updates. In this regard, the November 2009 Security Release ISO Image has become available for download earlier this week.
There are no less than six security updates packaged into the ISO image, four of which are now served through WU, AU, and MU to Windows users around the world. MS09-063, MS09-064, MS09-065, MS09-066 are all designed to patch security vulnerabilities in Windows server and client platforms, including versions such as Windows Vista SP2 and Windows XP SP3.
“This DVD5 ISO image file contains the security updates for Windows released on Windows Update on November 10th, 2009. The image does not contain security updates for other Microsoft products. This DVD5 ISO image is intended for administrators that need to download multiple individual language versions of each security update and that do not use an automated solution such as Windows Server Update Services (WSUS). You can use this ISO image to download multiple updates in all languages at the same time,” Microsoft explained. More »
It has by no means been a slow month as far as Microsoft security bulletins go, with no less than 13 patch packages being released by the company for a range of products. In total, the Redmond company patched no less than 34 security holes across Windows, Internet Explorer, Silverlight, Microsoft Office, Developer Tools, Forefront and SQL Server, revealed Christopher Budd, security response communications lead, Microsoft. October 2009 is also the first month in the software giant’s security patch cycle when updates were made available for the gold version of Windows 7. October 2009 marks yet another first, namely the first time that patches for Windows 7 RTM have been included into a company Security Release ISO Image.
At the bottom of this article you’ll be able to find a download link for the October 2009 Security Release ISO Image. The ISO package brings to the table all of the security updates made available for supported Windows operating systems, including Windows 7, Vista, Windows XP, Windows Server 2008 R2, etc. More »