AusCERT Week in Review for 17th December 2010

Date: 17 December 2010 Original URL: http://www.auscert.org.au/render.html?cid=7066&it=13749 With only a week to go until Christmas I know you're all looking forward to some time off. This week however has been quite busy when it comes to applying patches! Some items of note this week include: - Sophos published an advisory regarding a potential vulnerability in its SafeGuard Enterprise Device Encryption Client, which could allow for unauthorised access by re-using "outdated or invalidated credentials". - A vulnerability was identified in Symantec Antivirus Corporate Edition 10.1.4.4010, which could cause a remote denial of service. - ISC released updates for its DHCP Server to combat a remote denial of service vulnerability. - Numerous vulnerabilities were found in RealPlayer which could be exploited to cause code execution. - Microsoft patch day came around this week with the release of 17 bulletins including 2 critical bulletins. One of these critical bulletins dealt with code execution and cross-site scripting vulnerabilities in Internet Explorer. The other critical bulletin detailed a code execution vulnerability in the Windows Open Type Font (OTF) driver. - Finally, Apple released a firmware update for Time Capsule and Airport Base Station. Have a great weekend! Jonathan