Home » Security Alert

Security Alert

  • June 11, 2013 - Microsoft Updates for Multiple Vulnerabilities

    Microsoft has released 5 Security Bulletins (Severity: 1 is critical ; 4 are important) that multiple vulnerabilities in Microsoft Windows, Internet Explorer and Microsoft Office on 11 June 2013. These vulnerabilities could allow remote code execution, information disclosure, denial of service, or elevation of privilege.  Microsoft has released updates to address these vulnerabilities.

    Users are advised to perform Microsoft Update and apply the required services pack or update as soon as possible.

    You may perform Windows Update through Internet Explorer 7/8/9/10 browser.

    (1) In the Menu bar, click "Tools", then choose "Windows Update". Or;
    (2) In the Command bar, click "Safety", then choose "Windows Update".

    For details, please refer to:
    http://technet.microsoft.com/en-us/security/bulletin/ms13-jun
     

  • May 14, 2013 - Security Updates for Adobe Reader and Adobe

    Adobe has released security updates for Adobe Reader and Acrobat to address multiple vulnerabilities in 16 May 2013. These vulnerabilities could cause a crash and potentially allow an attacker to take control of an affected system.

    Affected System:
       - Adobe Reader XI (11.0.02) and earlier 11.x versions for Windows and Macintosh
       - Adobe Reader X (10.1.6) and earlier 10.x versions for Windows and Macintosh
       - Adobe Reader 9.5.4 and earlier 9.x versions for Windows and Macintosh
       - Adobe Reader 9.5.4 and earlier 9.x versions for Linux
       - Adobe Acrobat XI (11.0.02) and earlier 11.x versions for Windows and Macintosh
       - Adobe Acrobat X (10.1.6) and earlier 10.x versions for Windows and Macintosh
       - Adobe Acrobat 9.5.4 and earlier 9.x versions for Windows and Macintosh

    Users on Windows and Macintosh can utilize the product's update mechanism. The default configuration is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates.

    For details, please refer to:
    http://www.adobe.com/support/security/bulletins/apsb13-15.html

  • April 17, 2013 - Oracle has released multiple updates for Java SE

    Oracle released a critical patch update for Java SE on 17 April 2013.  A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.  Oracle strongly recommends that customers apply the fixes as soon as possible.

     

    Systems Affected

    ================

     * JDK and JRE 7 Update 17 and earlier

     * JDK and JRE 6 Update 43 and earlier

     * JDK and JRE 5.0 Update 41 and earlier

     * JavaFX 2.2.7 and earlier

     

    Apply Updates

    =============

    Developers can download the latest release from http://www.oracle.com/technetwork/java/javase/downloads/index.html .

    Users running Java SE with a browser can download the latest release from http://java.com . Users on the Windows and Mac OS   X platforms can also use automatic updates to get the latest release.

    The latest JavaFX release is included with the latest update of JDK and JRE 7.  For JDK and JRE 6 users, the latest Java FX release is available from http://www.oracle.com/technetwork/java/javafx/

     

    For more complete information, please refer to the following links:

    http://www.us-cert.gov/ncas/alerts/TA13-107A

  • March 12, 2013 - Microsoft Updates for Multiple Vulnerabilities

    There are multiple vulnerabilities in Microsoft Windows, Microsoft Internet Explorer, Microsoft Office, Microsoft Server Software and Microsoft Silverlight.  A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.  Microsoft has released updates to address these vulnerabilities.

    For details, please refer to:
    http://www.us-cert.gov/ncas/alerts/TA13-071A

  • March 05, 2013 - Oracle Java Contains Multiple Vulnerabilities

    An arbitrary memory read and write vulnerability in the Java JVM process could allow an attacker to execute arbitrary code. An attacker could use social engineering techniques to entice a user to visit a link to a website hosting a malicious Java applet. An attacker could also compromise a legitimate website and upload a malicious Java applet (a "drive-by download" attack).

    Any web browser using the Java 5, 6, or 7 plug-in is affected. The Java Deployment Toolkit plug-in and Java Web Start can also be used as attack vectors.

    Reports indicate this vulnerability is being actively exploited, and exploit code is publicly available.

    Further technical details are available in Vulnerability Note VU#688246.

    For details, please refer to:
    http://www.us-cert.gov/ncas/alerts/TA13-064A

  • Feb 20, 2013 - Oracle Java Multiple Vulnerabilities

     

    The Oracle Java SE Critical Patch Update Advisory Update for February 2013 addresses multiple vulnerabilities in the Java Runtime Environment (JRE). An additional five fixes that had been previously planned for delivery are in this update. This distribution therefore completes the content for all originally planned fixes to be included in the Java SE Critical Patch Update for February 2013. 
     
    Both Java applets delivered via web browsers and stand-alone Java applications are affected, however web browsers using the Java plug-in are at particularly high risk.
    The Java plug-in, the Java Deployment Toolkit plug-in, and Java Web Start can be used as attack vectors. An attacker could use social engineering techniques to entice a user to visit a link to a website hosting a malicious Java applet. An attacker could also compromise a legitimate website and upload a malicious Java applet (a "drive-by download" attack).

    Some vulnerabilities affect stand-alone Java applications, depending on how the Java application functions and how it processes untrusted data.

    Reports indicate that at least one of these vulnerabilities is being actively exploited.

    For details, refer to 
  • Feb 1, 2013 - Oracle Java 7 Multiple Vulnerabilities

    The Oracle Java SE Critical Patch Update Advisory for February 2013 addresses multiple vulnerabilities in the Java Runtime Environment (JRE). Both Java applets delivered via web browsers and stand-alone Java applications are affected, however web browsers using the Java 7 plug-in are at particularly high risk. Java 7 versions below Update 13 are affected.

    The Java 7 plug-in, the Java Deployment Toolkit plug-in, and Java Web Start can be used as attack vectors. An attacker could use social engineering techniques to entice a user to visit a link to a website hosting a malicious Java applet. An attacker could also compromise a legitimate web site and upload a malicious Java applet (a "drive-by download" attack).

    Some vulnerabilities affect stand-alone Java applications, depending on how the Java application functions and how it processes untrusted data.

    Reports indicate that at least one of these vulnerabilities is being actively exploited.

    For details, please refer to
    http://www.us-cert.gov/cas/techalerts/TA13-032A.html

Pages

Subscribe to Security Alert