Weekly Infosec News Brief 8-14 June
Microsoft Releases Eight Patches for June, Addressing Twenty Critical Vulnerabilities
Last Tuesday, Microsoft issued eight patches, two of which are rated as critical. The most significant is MS15-056, a patch for Internet Explorer (versions 6, 7, 8, 9, 10, and 11!). This patch addresses a number of serious memory corruption vulnerabilities in IE which could potentially allow remote code execution. The other critical update, MS15-057, updates Windows Media Player and fixes some similar memory corruption issues there. This update has a lower "exploitability" rating than the IE fix, but both should be tested and deployed as quickly as possible.
https://technet.microsoft.com/en-us/library/security/ms15-jun.aspx?f=255&MSPPError=-2147217396
http://www.computerworld.com/article/2933775/application-security/a-moderate-june-patch-tuesday-with-a-critical-update-to-ie.html
Adobe Releases New Flash Version, Fixes Critical Vulnerabilities
Adobe released updated versions of its Flash Player and AIR products. These updates are critical and address vulnerabilities that could lead to arbitrary remote code execution. The new version of Flash is 18.0.0.160. Google Chrome's built-in Flash will auto-update for most installations, as will Internet Explorer on Windows 8. Internet Explorer on earlier versions of Windows, as well as Firefox, will need manual intervention. If your organization has a managed deployment of Chrome, be certain that the latest version with the updated Flash Player is deployed. You can check the installed Flash version here: https://www.adobe.com/software/flash/about/
https://helpx.adobe.com/security/products/flash-player/apsb15-11.html
http://www.cio.com/article/2933574/adobe-fixes-flash-player-flaws-that-could-lead-to-info-theft-malware-attacks.html#tk.rss_security0
VMware Issues Patch for Critical Vulnerability
VMware issued a patch last week for a critical vulnerability in its products that run on top of Windows, which could allow an attacker to "escape" from one virtual machine to others or to the host machine. This vulnerability does not affect ESX Server or VMware's other enterprise-class virtual server hosting platforms.
Patches are available for VMware Workstation, VMware Player, and the VMware Horizon Client for Windows.
http://www.computerworld.com/article/2934185/security0/vmware-patches-virtual-machine-escape-flaw-on-windows.html