System administrators overseeing Microsoft Exchange deployments should take a close look at Microsoft's latest round of security patches. In addition to covering Windows and Internet Explorer, Microsoft's latest monthly batch of patches covers the widely used Exchange Server, both the Exchange Server 2007 and Exchange Server 2010 editions.
ReVuln, a Malta-based security startup that specializes in vulnerability research, is working on a product that could allow companies to protect their SCADA (supervisory control and data acquisition) software installations against entire classes of vulnerabilities. In the meantime, the company is developing and selling custom patches for SCADA software vulnerabilities that have yet to be addressed by the vendors.
Security researcher Tavis Ormandy discovered critical vulnerabilities in the antivirus product developed by U.K.-based security firm Sophos and advised organizations to avoid using the product on critical systems unless the vendor improves its product development, quality assurance and security response practices.
Adobe has fixed six critical vulnerabilities in Shockwave Player that could potentially be exploited by attackers to execute malicious code, via the release of version 11.6.8.638 of the software.
Intel underwent a complex patching process in order to fix a recently discovered flaw in the SINIT ACMs (Authenticated Code Modules) that allowed for the TXT (Trusted Execution Technology) implemented in its microprocessors and chipsets to be bypassed.
The company also dealt with more fallout from the June hack of DigiNotar by flipping the "kill switch" on SSL (secure socket layer) certificates issued by Dutch certificate authority, or CA.
The spring of 2011 has seen some of the largest Microsoft Patch Tuesdays ever. In April, <a href="http://www.networkworld.com/subnets/microsoft/">Microsoft</a> tied its all-time record with 17 updates that fixed 64 vulnerabilities. In June, the company issued <a href="http://www.networkworld.com/community/blog/microsoft-will-issue-16-patches-tuesday-9-the">another biggie</a>, with 16 updates that fixed 34 vulnerabilities.
Apple on Monday patched 56 vulnerabilities, most of them critical flaws that could be used to hijack machines, as part of 2011's first broad update of Mac OS X.
That pesky PDF distiller in Research In Motion's (RIM) BlackBerry Enterprise Server (BES) BlackBerry Attachment Service has yet again been identified as a security risk, and RIM has issued another "interim security update" to patch the vulnerability.
Research In Motion yesterday released an "interim security update" for BlackBerry Enterprise Server (BES) 5.0 Service Pack 2 (SP2)for Microsoft Exchange and IBM Lotus Domino due to a vulnerability that could have potentially allowed a hacker or other malicious person access to organizations' BES infrastructure. That flaw could have also been used to execute Denial of Service (DoS) attacks, according to the BlackBerry-maker. And it affects not just the full version of BES, but the free BES Express, as well.
Microsoft isn't the only company planning a boatload of security patches for next week. Oracle plans to fix 81 vulnerabilities in its database, middleware and operating system products on Tuesday, the same day Microsoft's fixes are due.
Apple patched a critical vulnerability in QuickTime on Wednesday that was reported to the company by a bug bounty program months ago.
Adobe said today that it would patch a critical Reader vulnerability on Thursday.
Microsoft says it will deliver six security updates next Tuesday, including two for holes that hackers have been using for months to attack Windows and Internet Explorer (IE).
Changes to daylight saving time in New Zealand and elsewhere could force some American multinationals to revisit the patches they updated to manage US daylight-time changes in March