patches - News, Features, and Slideshows

News

• Web-based exploits on the decline, but users still slow to patch

  The number of exploit kits on the Web dramatically decreased last year, but some have become more sophisticated and shifted their focus to software that is less frequently updated.

• Adobe patches remote code execution and keylogging flaws in Flash Player

  Adobe Systems fixed nine vulnerabilities in Flash Player that allow attackers to record users' keystrokes or take complete control of their computers.

• Microsoft patch Tuesday focuses solely on Windows

  he January 2015 edition of Microsoft Patch Tuesday might be more notable for what the monthly release of security bulletins does not contain -- there are no fixes for the Microsoft Explorer browser this month.

• Google discloses another unpatched Windows flaw, irritates Microsoft

  Google released details of a second unpatched privilege escalation flaw in Windows 8.1 in less than a month, drawing criticism from Microsoft.

• OpenSSL patches eight new vulnerabilities

  Server administrators are advised to upgrade OpenSSL again to fix eight new vulnerabilities, two of which can lead to denial-of-service (DoS) attacks.

• Think that software library is safe to use? Not so fast!

  In today's world of agile software development and fast release cycles, developers increasingly rely on third-party libraries and components to get the job done. Since many of those libraries come from long-running, open-source projects, developers often assume they're getting well-written, bug-free code. They're wrong.

• Flaw in open-source PDF viewer could put WikiLeaks users, others at risk

  An open-source component used to display PDF files on WikiLeaks.org and other websites contains vulnerabilities that could be exploited to launch cross-site scripting (XSS) and content spoofing attacks against visitors.

• Exploits for dangerous network time protocol vulnerabilities can compromise systems

  Remote code execution vulnerabilities in the standard implementation of the network time protocol (NTP) can be exploited by attackers to compromise servers, embedded devices and even critical infrastructure systems that run UNIX-like operating systems.

• Critical vulnerability in Git clients puts developers at risk

  A critical vulnerability in client software used to interact with Git, a distributed revision control system for managing source code repositories, allows attackers to execute rogue commands on computers used by developers.

• Microsoft Patch Tuesday addresses Exchange and Explorer flaws

  Internet Explorer and Exchange Server top the list of Microsoft programs needing to be patched by IT administrators this month, now that the company has rolled out its latest round of "Patch Tuesday" security fixes.

• The POODLE flaw returns, this time hitting TLS security protocol

  Webmasters who patched their sites against a serious SSL flaw discovered in October will have to check them again. Researchers have discovered that the vulnerability also affects implementations of the newer TLS (Transport Layer Security) protocol.

• IBM fixes serious flaw in Endpoint Manager for mobile device management

  A vulnerability in the IBM Endpoint Manager for mobile devices could allow attackers to execute malicious code on the servers used by companies to manage devices.

• Siemens patches critical SCADA flaws likely exploited in recent attacks

  Siemens released security updates for several of its SCADA (supervisory control and data acquisition) products for industrial environments, in order to fix critical vulnerabilities that may have been exploited in recent attacks.

• Why is Microsoft updating Windows PCs for a security bug on the server?

  When Microsoft released a critical update for multiple versions of Windows Server this month, it also pushed out a fix for several releases of the Windows client OS, including even the technical preview for Windows 10.

• Critical XSS flaws patched in WordPress and popular plug-in

  New security updates released for the WordPress content management system and one of its popular plug-ins fix cross-site scripting (XSS) vulnerabilities that could allow attackers to take control of websites.