Greetings,

I am sure there were many interesting bulletins to talk about, but first I must vent my personal frustration about the choice of Microsoft patch day for next week. As many of you know Microsoft releases patches on the second Tuesday of every month. Now because we (Australia and New Zealand) live "in the future" we actually get these on Wednesday Morning. So far so good. Brisbane (where we are based) has a public holiday for the Ekka on Wednesday the 13th. Since most of our members do not live in Brisbane - we work over this day. However - this Wednesday Microsoft has decided to release 12 (yes t-w-e-l-v-e) bulletins, 7 of which are "Critical". So I will have the good fortune of processing these rather than eating Candyfloss and Dagwood-dogs.

Anyway - enough with the sob-story.

We are still seeing DNS patches coming out - so for the last time (now that the BlackHat presentation has come and gone) check your DNS are belong to us - I mean are patched.

Interesting vulnerabilities for the week:

1. Multiple vulnerabilities in Ingres Database for Linux - If anyone uses Ingres or uses products that come with Ingres you may want to patch them (even if it does require an existing account).
2. BIND has released "P2", which is a speed-up patch for the DNS vulnerability that I was not going to mention again.
3. Multiple vulnerabilities were found in Python which would allow remote code execution. So you know what they say - patch-dis makes perfect.
4. Sun's new xVM has vulnerabilities that allow existing users to run code in the host machine's kernel. Again, a local exploit - but not a nice one.
5. Webex Meeting Manager ActiveX control vulnerability - this is a remote code execution vulnerability, so if you have used this meeting software, check that you have the latest version of the ActiveX installed (because you will probably have some version installed).

That about wraps up the week. Enjoy your Ekka holiday everyone in Brisbane.

Regards, Richard