Jason Meserve provides up-to-the-minute news on vendor security alerts and fixes.
Microsoft reveals critical holes in Active Directory, mainframe gateway
Microsoft Tuesday issued four critical patches to close 10 vulnerabilities, some on critical IT systems such as Active Directory.
The platforms affected by the critical vulnerabilities include Active Directory, Internet Explorer, Host Integration Server
and Excel. In all, Microsoft issued 11 patches (see complete list here). In addition to the four that were critical, six were
listed as important and one as moderate.
Microsoft October Patch Tuesday advisory
**********
Adobe patches Flash clickjacking and clipboard-poisoning bugs
Adobe Systems Inc. patched five vulnerabilities in Flash today, including one that could be used in "clickjacking" attacks
to secretly spy on users through their webcams. That fix, and others, were rolled into Flash Player 10, the new version of
the popular browser plug-in the company launched earlier today. Computerworld, 10/15/2008.
Adobe: Flash Player update available to address security vulnerabilities
**********
Oracle issues 36 patches, but is anyone applying them?
Many database administrators don't always apply security patches to their environments in a speedy fashion, but that's not
stopping Oracle Corp. from releasing dozens of them on a quarterly basis. The latest batch was released yesterday and includes
fixes for 36 newly discovered vulnerabilities across a wide range of Oracle products. Computerworld, 10/15/2008.
Oracle Critical Patch Update Advisory - October 2008
**********
Half dozen new patches from Ubuntu:
D-Bus (security policy bypass)
Ruby (multiple flaws)
**********
Five new fixes from Debian:
libxml2 (buffer overflow, code execution)
linux-2.6 (denial of service, privilege escalation)
openldap2.3 (denial of service)
**********
Four new updates from Mandriva:
D-Bus (security policy bypass)
libxml2 (buffer overflow, code execution)
mono (HTTP injection)
**********
Today's malware news:
'Experimental' security fix is malware, Microsoft says
Scammers are sending out phoney e-mails that claim to include critical Windows security alerts, Microsoft warned Monday. IDG
News Service, 10/13/2008.
Jason Meserve is multimedia editor at Network World.