Greetings,

Well it is that time of week again, as I regale you with a tale that will make your eyes Adobe Flash (ESB-2011.0827) and your mouth ISC BIND - or it would except that ISC only updated DHCP (ESB-2011.0840) this week - not BIND. However Microsoft and Adobe both emptied their dump-truck upon us and resulted in my normal two hour lunch break getting cut short on Wednesday. Poor me :(

If you do run any Microsoft software, updating is a good idea, however this month there were no Office updates (other than Visio (ESB-2011.0815) which I don't count as office because it never comes in the box I get), so my Mac gets a week off. Well except for Adobe Flash, Adobe Shockwave and Google Chrome - although that one was really Adobe's fault.

I must also tip my hat to HP. They have found a vulnerability in their Easy Printer Care Software v2.5 and earlier (ESB-2011.0811) and have sent a bulletin letting people know it is no longer supported. You could argue that they should have patched it, but all software tends to run its course, so it is nice that HP is letting people know rather than just sweeping it under the carpet. Speaking of which does anyone know if Apple has a page for "officially supported software"?

HP has also updated their WebOS Contacts and Calendar applications (ESB-2011.0834 and ESB-2011.0835) to correct either a code execution vulnerability or an XSS one - I wasn't really sure which so went with the "worst". After all, in this day and age of web applications the difference between XSS and code execution is fast becoming less evident.

Lastly, we have CA ARCserve D2D (ESB-2011.0836) with a remote code execution vulnerability, and BlackBerry Enterprise Server (ASB-2011.0062) with one also. Both should be patched if you use them - but I am sure you already guessed I was going to say that.

Well, that's all from me this week - have a great weekend and fill out the census if you haven't already (or you can be fined $110 per day). Our website is ready to assist! http://auscert.org.au/14715

Richard