Startupware: Managing Startups » Patches

Shockwave 11.5.8.612, Multiple Patches

FileTiger — Wed, 25 Aug 2010 13:40:20 +0000

There’s a new version of Shockwave from Adobe. It’s now at version 11.5.8.612, updated to block multiple problems that allowed third-party code to run without the appropriate permissions.

Update at http://get.adobe.com/shockwave/

More information at Homeland Security:
http://www.us-cert.gov/current/index.html#adobe_releases_security_bulletin_for8

Adobe Reader moves to 9.3.4, Off-schedule patch

FileTiger — Fri, 20 Aug 2010 13:22:21 +0000

Adobe Reader has a new patch, moving it to a current release of 9.4.4. This is not on their announced schedule of matching the Microsoft second-Tuesday patch release calendar. This patch requires a system reboot.

According to the Adobe release notes:

These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2010-2862).

These updates further mitigate a social engineering attack that could lead to code execution (CVE-2010-1240).

These updates incorporate the Adobe Flash Player update as noted in Security Bulletin APSB10-16.

Translation into non-technobabble: Without the patch, bad guys can run their programs on your computer, including malware installers.

In my opinion, all users should also turn off two features in Adobe Reader to reduce the possibility of third-party code running unapproved. In the Tools, Preferences menu, go to Javascript. Uncheck the top box. And in Trust Manager, uncheck the top box. The first option runs scripts, and the second runs embedded documents, including possible macro code. No one uses these features except malware writers.

Apple QuickTime 7.6.7 Security Update

FileTiger — Fri, 13 Aug 2010 16:32:05 +0000

Apple has updated QuickTime to version 7.6.7.
It’s a security update, blocking attackers from using an error code to overflow a buffer, and so run code that would normally not be allowed while online, and to block a possible DOS (denial of service) condition.

More at Homeland Security, here.

Adobe Flash Player now at 10.1.82.76

FileTiger — Wed, 11 Aug 2010 13:55:42 +0000

Adobe has released an update to Flash Player. It’s a security fix, preventing either execution of arbitrary code (malware installs are possible), or a denial of service attack.

More at US Homeland Security, here.

Update of Apple iTunes to 9.2.1

FileTiger — Tue, 20 Jul 2010 13:25:31 +0000

Apple has released an update for iTunes. It’s a security update to prevent a denial-of-service attack based on podcast links. More information is at US-Cert, the US Computer Emergency Readiness Team.

The list of the most-commonly installed web file viewers and their current patch levels and links to version tests and installers has been updated, it’s here: http://www.startupware.com/patches

Second Tuesday Update: Java

FileTiger — Thu, 15 Jul 2010 03:56:23 +0000

Microsoft has the usual set of patches for the July 13th, Second Tuesday patch set–I see three for Windows 7, and three for Office 2007–be sure to get the ‘optional’ updates to the help files, because this month’s patches involve fixes to the help format that prevent remote code execution.

Other companies are using the Second Tuesday release date as well. This time Sun has an update for Java; your installations of Java should be 6, release 21.

The list of the most-commonly installed web file viewers and their current patch levels and links to version tests and installers has been updated, it’s here: http://www.startupware.com/patches

Adobe Reader updated to 9.3.3

FileTiger — Tue, 29 Jun 2010 21:11:54 +0000

Adobe has updated Adobe Acrobat and Adobe Reader to version 9.3.3. The patch is available from the Help menu, under ‘Check for Updates’, and it’s an important security patch, correcting security holes currently being exploited by malware.

The patch alone is NOT adequate. ALSO, go to Edit, Preferences, and UNCHECK these two items:
In JavaScript, the top item ‘Enable Acrobat JavaScript’ should be unchecked.
In Trust Manager, the top item, ‘Allow opening of non-PDF file attachments with external applications’ should be unchecked.

The list of the most-commonly installed web file viewers and their current patch levels and links to version tests and installers has been updated, it’s here: http://www.startupware.com/patches