patch management

Patchwork for the Home and the Enterprise

SC Magazine's Dan Raywood reports that "To be completely patched requires an average of between 51 and 86 actions per year", quoting findings by Secunia that " in order for the typical home user to stay fully patched, an average of 75 patches from 22 different vendors need to be installed, requiring the user to

Adobe, Javascript, and the CVE-2009-4324 Exploit

There has been quite a lot of traffic in the last few weeks about the doc.media.newPlayer vulnerability referenced in the CVE database as CVE-2009-4324. The following Adobe articles refer: http://www.adobe.com/support/security/advisories/apsa09-07.html http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html http://blogs.adobe.com/psirt/2009/12/security_advisory_apsa09-07_up.html Today's article at the Internet Storm Center by Bojan Zdrnja (http://isc.sans.org/diary.html?storyid=7867) gives a lot of detail on a particularly inventive exploit of the

Ten Ways to Dodge Cyber-Bullets (Part 2)

[Part 2 of an occasional series, updating a blog series I ran in early 2009 to reflect changes in the threat landscape. This series will also be available shortly as a white paper.] Catch the Patch Batch Keep applications and operating system components up-to-date with automated updates and patches, and by regularly reviewing the vendors’ product

September’s Global Threat Report

ESET released its Global Threat Report for the month of September, 2009, identifying the top ten threats seen during the month by ESET's ThreatSense.Net™ cloud.  You can view the report here and, as always, the complete collection is available here in the Threat Trends section of our web site.  While the report identifies a number

Adobe Update Update (Update?)

This is a quick follow-up to the earlier blog about Adobe updates. I’ve just received notification that the Adobe Flash Player updates bulletin released yesterday has been updated: it now contains information about (and links to) the promised Adobe Reader and Acrobat patches. Adobe states that it categorizes these updates as critical and recommends that you

Adobe Updates

I’d like to call your attention (again) to a major Adobe bulletin that was released yesterday (actually, still today, if you’re far enough behind GMT, but I’m sitting just a train ride away from Greenwich, UK). In brief, the bulletin concerns the following CVE (Common Vulnerabilities and Exposures) issues: CVE-2009-1862 CVE-2009-0901 CVE-2009-2395 CVE-2009-2493 CVE-2009-1863 CVE-2009-1864 CVE-2009-1865

Statistical Accuracy and the Gullibility Gene

SC Magazine in the UK picked up on our Global Threat Report for June, based on statistics that derive from our ThreatSense.Net® threat-monitoring technology. Thanks, Dan: when you do as much writing as I do, it’s comforting to know that someone is reading it. ;-) I thought, though, I’d develop some thoughts on a topic arising

Targeted Malware and Microsoft

Microsoft issued an advisory last week – Microsoft Security Advisory (969136) "Vulnerability in Microsoft Office PowerPoint Could Allow Remote Code Execution" – that "could allow remote code execution if a user opens a specially crafted PowerPoint file." The advisory uses very similar language to Microsoft’s recent advisory on an Excel vulnerability, referring to "only…limited and

Patches Despatches

In a previous blog relating to Acrobat vulnerabilities, I suggested that you might want to sign up for Adobe’s alerts service. I did, but still haven’t received any news from it. However, it appears that The Register (or one of its sources) did, so I’m nevertheless aware that Adobe has released updates to address the

PSST! It’s PFTS!

PSST! Anyone remember the Telephone party game, also known by various politically incorrect names like Chinese Whispers and Russian Scandal? A series of reports like this and this illustrate a textbook example of how rumour and misunderstanding (some of it probably wilful) can transform a story into something very different to its original form. According

ESET Virus Radar

Archives

Copyright © 2013 ESET, All Rights Reserved.