Tag Archive for: patch

Patch Tuesday: Windows, Internet Explorer need critical patches

/in

Windows and Internet Explorer need critical patches this month, according to Microsoft’s advanced notification about Patch Tuesday bulletins for Oct. 14.

In all there are nine bulletins, but three of them are ranked critical and could allow attackers to execute malicious code remotely, according to the notification. “These will be the top patching priorities, probably with the IE issue being the most at risk for exploitation,” says Ross Barrett, senior manager of security engineering at Rapid7.

+ Also on NetworkWorld: Most Dangerous Cyber Celebrities +

To read this article in full or to leave a comment, please click here

Network World Tim Greene

Improved patch tackles new Shellshock attack vectors

/in

System administrators who spent last week making sure their computers are patched against Shellshock, a critical vulnerability in the Bash Unix command-line interpreter, will have to install a new patch that addresses additional attack vectors.

The Shellshock vulnerability was originally discovered by Akamai Technologies security researcher Stephane Chazelas and can be exploited in several ways to remotely execute code on systems like Linux and Mac OS X that use Bash as their default shell.

The fact that the bug has existed in Bash for many years and that Linux is used on a wide variety of devices from servers to industrial equipment and embedded electronics, means that the flaw’s impact is potentially very large.

To read this article in full or to leave a comment, please click here

Network World Security

VMware and Cisco patch vulnerabilities in data-center gear and software

/in

VMware and Cisco Systems released security fixes this week for serious vulnerabilities in networking virtualization and server software typically used in data centers.

Cisco patched a persistent denial-of-service vulnerability that could prevent the out-of-band management of Cisco Unified Computing System (UCS) E-Series Blade servers that are deployed in Cisco Integrated Services Routers Generation 2 (ISR G2).

The vulnerability is located in the SSH (Secure Shell) service of the Cisco Integrated Management Controller (Cisco IMC), a specialized micro-controller embedded in server motherboards that allows systems administrators to monitor and manage servers from outside their OS.

To read this article in full or to leave a comment, please click here

Network World Security

Patch Tuesday: Internet Explorer needs critical patches, again

/in
internet explorer

In a very light set of monthly security bulletins, Microsoft will issue just one that it’s ranking critical and it involves Internet Explorer.

If left unpatched, the browser is subject to attacks that execute malicious code on victim machines, so getting the updates to patch it is important, says Ross Barrett, a security engineer at Rapid7. “This will be the top patching priority for this month,” he says.

+[Also on Network World: Surface Pro 3: A great business desktop and a pretty good laptop, too; Microsoft targets Apple, Samsung with cheaper flagship Lumia]+

To read this article in full or to leave a comment, please click here

Network World Tim Greene