Date: 11 November 2011
Greetings,
As we draw close to the end of Friday afternoon, here's a summary of some of the more interesting bulletins, vulnerabilities and updates that were released over the course of the week:
- First up, Microsoft delivered only four bulletins for its monthly patch day, all of which dealt with vulnerabilities in Microsoft Windows. The most interesting of these was the fairly scary and surprising vulnerability in the Windows TCP/IP stack which could allow for code execution by crafted UDP packets on a closed port. The other three bulletins dealt with a denial of service caused by specially crafted TrueType fonts, a code execution vulnerability in Windows Mail and Windows Meeting Space, and a privilege elevation vulnerability in Active Directory.
- Following up on the recent debacle where "DigiCert Sdn. Bhd" issued 22 certificates with cryptographically weak keys, we saw updates for NSS from both Debian and Red Hat. Microsoft also published a bulletin and updates for Microsoft Windows and Microsoft Windows mobile devices today to revoke the trust of two intermediate CA certificates.
- Adobe also released an update for Shockwave Player. This update corrects a code execution vulnerability that could be exploited through malicious Shockwave content.
- Apple too was busy this week, releasing three bulletins. The first bulletin covered vulnerabilities in Java as used by OS X, which could allow for code execution. The second bulletin was issued to fix a number of issues in iOS for the iPhone, iPod touch and iPad, covering code execution and confidential data access vulnerabilities. The third Apple bulletin announced the release of updated firmware for Time Capsule and Airport Base Station which corrects a potential code execution vulnerability. [11]
- Mozilla also released new versions of both Firefox and Thunderbird, a major release with version 8.0 of both programs, as well as updates for the 3.6.x branch. These updates for Firefox and Thunderbird corrected a number of vulnerabilities with impacts ranging from code execution and denial of service, to privilege escalation and confidential data access. [12]
Have a great weekend!
Jonathan