Posted by Daniel Tumalad on March 12, 2009
This is Microsoft’s first release for Windows 7 [just being optimistic, hopefully there won’t be alot more to come in the future]. This update is supposed to patch a critical Remote Code Execution bug along with two other spoofing related vulnerabilities.
Now available on Windows Update and Microsoft Download Center.
For more details:
http://arstechnica.com/microsoft/news/2009/03/windows-7-beta-gets-its-first-security-update.ars
http://www.microsoft.com/DOWNLOADS/en/default.aspx
Posted in vulnerability, Windows | Tagged: microsoft release, patch, security update, windows 7 | Leave a Comment »
Posted by Jaime Raphael Licauco, CISSP, GSEC on December 8, 2008
Upcoming details for this month’s Patch Tuesday can be found in Heise Online’s Microsoft wants to close six critical holes and PC World’s Microsoft readies Eight New Security Patches.
A Secunia blog states that 98% of all PC’s aren’t fully patched as was also reported in The Register and SCMag UK. No doubt this contributes to the millions of PC’s out there that are used as zombies unbeknownst to their owners. This happens mostly because people have too much confidence in their Anti Virus in stopping all threats. I’ll write about this more in another post, as for now, you might want to check out Secunia’s freely available Personal Software Inspector to check for patches their PCs may need.
Trend Micro researchers though, say that vulnerabilities only play a minor role (5%) in attacks. And that most attacks (53%) come in the form of Social Engineering attacks wherein the user is duped into downloading malware. An example of this would be fake anti-virus products that take up the top three positions in BitDefender’s Top e-threats (Heise Security also gives the list here). Which reminds me of what Zot O’Conner said in his talk at the Renaissance Makati in late October… that you cannot design a security product to defend against a user that just clicks and accepts anything.
In related news, Security Park reports that Human error continues to be the top cause of IT security breaches primarily because individuals are given the option to bypass them.
Other Security News
Center for Strategic and International Studies publishes report on Securing Cyberspace
Distributed SSH attacks bypass blacklists
New variant of DNSChanger in mass DNS hijack
The debate resumes over Mac Security
Identity Theft breaches on the increase in the US
(Security Focus) US Commission calls for Cybersecurity Czar
(Security Park) Free malware search tool helps financial institutions identify web attacks targeting their websites
SANS Webcast on December Threat Update
SANS Webcast on What Works in Security Information and Event Management
(Linux Security) New Wireshark Packages fix Vulnerabilities
(Linux Security) Never Installed a Firewall on Ubuntu? Try Firestarter
(Linux Security) Debian: New Linux 2.6.24 packages fix several vulnerabilities
(NY Times) Thieves Winning Online War, Maybe Even in Your Computer
(Translated by Google) 21 Million German Citizen’s Account Numbers in Circulation
Posted in Change Management, News, social engineering, vulnerability assessment, Windows | Tagged: Antivirus, distributed ssh, Microsoft, patch, patch tuesday, psi, secunia, social engineering, vulnerability assessment, Windows | 1 Comment »
InfoSec Philippines