I’ve been up to my ears in travelling and AMTSO and had limited connectivity over the last week, but even I noticed that a lot of patching issues have risen to the surface in the past few days. In case some of this has passed you by, here are a few of the more prominent issues.
Perhaps the issue with the highest profile is the imminent set of out-of-band patches announced by Microsoft for release tomorrow (Tuesday 28th July). Developers will want to be aware of the bulletin relating to the Visual Studio range, as well as some major updates to Internet Explorer which will (or should!) concern everyone. The fact that Microsoft has suddenly inserted these updates without waiting for the next Patch Tuesday is a clear indication that there are vulnerabilities here that the company is taking very seriously. And Microsoft is not known for overemphasis when it comes to patch issues: if it is taking a patch seriously, the rest of us should, too.
As Heise have pointed out, it’s very likely that a certain Black Hat presentation has a very specific impact on the sudden perception of the importance of this issue.
In the meantime, Adobe have published some notes on mitigation of a "Local Privilege Escalation in Adobe Reader Installer", hard on the heels of a Flash vulnerability described in some detail by the Internet Storm Center. Adobe have promised mitigation around the end of the month.
David Harley BA CISSP FBCS CITP
Director of Malware Intelligence