Advance notification for April 2014 Patch Tuesday

Next Tuesday is much more significant than the usual Patch Tuesday, because this crop of updates will be the last one for both Windows XP and Office 2003.

After April 8, most of the IT-enlightened world will be holding its collective breath, waiting for a likely deluge of hacks, attacks and malware based on vulnerabilities in Windows XP and Office 2003.

According to the official advance warning bulletin from Microsoft, this month’s updates will include patches for Office, Windows and Internet Explorer. Two of the patches are flagged as Critical.

One of the patches addresses the recently discovered vulnerability in Word’s handling of RTF documents.

As usual, there’s a somewhat less technical overview of the upcoming updates on the MSRC blog.

The SANS InfoSec Handlers Diary blog has its own take on the upcoming updates.

SANS Ouch! newsletter: Yes, you are a target

This month’s Ouch! newsletter (PDF) from SANS should dispel any thoughts you may have regarding your digital safety.

In the networked world, if your device is connected, it is potentially vulnerable. Staying safe is largely a matter of vigilance: keep your software patched, use strong, unique passwords, and avoid opening suspicious email or browsing shady web sites.

The Ouch! newsletter is aimed at general users, so IT professionals may not learn much from reading it.

Flash vulnerabilities found at Pwn2Own

The recent Pwn2Own hacking competition revealed vulnerabilities in a variety of software products, including Chrome, Firefox, Internet Explorer, and Flash.

While patches for Firefox and Chrome were released soon after the results of the contest were published, the vulnerabilities in Flash remain unpatched. They are identified as CVE-2014-0506 and CVE-2014-0510. Severity is ranked as high for both vulnerabilities. No exploits for these vulnerabilities have yet been seen in the wild.

Update 2014Apr09: CVE-2014-0506 was fixed in Flash 13.0.0.182.

Windows 8.1 Update 1 available starting April 8

Microsoft recently announced the release date for Windows 8.1 Update 1: April 8, 2014, which is also Patch Tuesday for April. Windows 8.x users will be able to download the update via the Windows Update service.

This update brings back some of the mouse/keyboard and desktop features missing from the original version. Still missing, however, is the Start menu.

Ars Technica has more, as does The Verge.

Millions of computers still running Windows XP

With less than a week to go before Microsoft ends support for Windows XP, over 27% of Internet-connected computers are still running the venerable O/S, according to an Ars Technica report.

Microsoft has clearly been unable to convince XP users to switch to another O/S, and the days and weeks following April 8 will likely be filled with stories about new malware and attacks on XP-based systems.