security update
Microsoft releases critical fixes for IE and Exchange Server
There’s a remotely exploitable, publicly disclosed, critical remote code execution vulnerability in Microsoft Exchange (MS13-061)! But wait, is it really remotely …
Microsoft to release three critical fixes
The August 2013 Patch Tuesday advance notification includes a slightly higher volume of fixes than last month, but only 3 of 8 are critical, which is down from July’s 6 …
Vendors patch security vulnerabilities within 3 weeks
High-Tech Bridge Security Research Lab released its statistics on web application security for the first half of 2013. The statistics is based on HTB Security Advisories that …
Oracle releases Critical Patch Update
Relatively quiet Critical Patch Update (CPU) from Oracle this quarter. Relative is of course subjective to Oracle, since this gigantic pile of unrelated code fixes includes 89 …
Microsoft gives app developers 180 days to fix bugs
This month’s Patch Tuesday has been a prolific one, and patches for a total of 34 vulnerabilities – six of which critical – have been made available for …
Firefox 22 delivers 14 security updates
Mozilla released Firefox 22, which includes 14 security updates: four are critical, six high, three moderate and one low. Fixed in this version: MFSA 2013-62 Inaccessible …
Oracle releases critical security updates for Java
Oracle released 40 new Java security fixes. 37 of the vulnerabilities may be remotely exploitable without authentication. This was described as the possibility of being …
Microsoft patches IE, Office and Windows
For Patch Tuesday this month, we are receiving critical updates from both Microsoft and Adobe. Microsoft has five bulletins, bringing the six-month total up to 51 bulletins, …
Microsoft to release five bulletins next week
Microsoft released advance notification for next week’s Microsoft patch and it looks like we’re getting only five bulletins. We received several comments on what …
Changes to the Java security model
The upcoming security changes in Oracle Java address three long-standing issues with the Java security model. The most significant change is how signed applets are handled. In …
Questioning Google’s disclosure timeline motivations
The presence of 0-day vulnerability exploitation is often a real and considerable threat to the Internet – particularly when very popular consumer-level software is the …
Automate your way out of patching hell
IT departments are often criticised for their remoteness from the business. One cause could be highlighted by recent research numbers from IDC, which found that as much as 70 …
Featured news
Resources
Don't miss
- NIST proposes new metric to gauge exploited vulnerabilities
- Cyber threats are changing and here’s what you should watch for
- Chinese cyber spies are using Ivanti EPMM flaws to breach EU, US organizations
- TikTok videos + ClickFix tactic = Malware infection
- DanaBot botnet disrupted, QakBot leader indicted