Date: 19 August 2011
Good afternoon,
This week has been quiet for advisories relative to last week. This may allow
some reprieve and time to catch up on the patching schedules you have.
Of note this week is the update for PHP [ASB-2011.0066] which corrects a possible
remote code execution vulnerability. We are not aware of any public exploits for
this yet.
Secondly, Mozilla has released updates to their products including Firefox,
Thunderbird and SeaMonkey [ASB-2011.0065]. It is strongly recommended that
you update all clients to the latest version as there are some serious
remote code execution flaws in these products.
The last product I'll mention specifically is Apache Tomcat [ASB-2011.0064]. It is
an underlying system utilised by many of your business applications. These updates
address some vulnerabilities that should be patched sooner rather than later.
Here is a random thought for you: what extra proactive measures do you
take to protect your infrastructure? In particular, consider the
corporate website, which may or may not contain sensitive information. Do
you rely solely on vendor patches to correct security issues? I recommend
putting some time into investigating extra mechanisms such as:
- mod_security (Apache)
- mod_evasive (Apache)
- PHPIDS (IIS or Apache)
- URLScan (IIS)
- GreenSQL (Windows/UNIX)
Have a good weekend.
Regards,
Zane.