Australia's Leading Computer Emergency Response Team

AusCERT Week in Review for 17th December 2010
Date: 17 December 2010
Original URL: http://www.auscert.org.au/render.html?cid=7066&it=13749


With only a week to go until Christmas, I know you're all looking forward to some time off. This week, however, has been quite busy when it comes to applying patches! Some items of note this week include:

- Sophos published an advisory regarding a potential vulnerability in its SafeGuard Enterprise Device Encryption Client, which could allow for unauthorised access by re-using "outdated or invalidated credentials".

- A vulnerability was identified in Symantec Antivirus Corporate Edition 10.1.4.4010, which could cause a remote denial of service.

- ISC released updates for its DHCP Server to combat a remote denial of service vulnerability.

- Numerous vulnerabilities were found in RealPlayer which could be exploited to cause code execution.

- Microsoft patch day came around this week with the release of 17 bulletins, including 2 critical bulletins. One of these critical bulletins dealt with code execution and cross-site scripting vulnerabilities in Internet Explorer. The other critical bulletin detailed a code execution vulnerability in the Windows OpenType Font (OTF) driver.

- Finally, Apple released a firmware update for Time Capsule and Airport Base Station.

Have a great weekend!
Jonathan