Some very important security updates have been issued over the last 3 weeks for commonly used and exploitable programs. In addition, critical patches are due to be released by Microsoft on Dec 14, via Windows Updates. Patching vulnerable software will help protect your computers from hostile takeover and/or from being drafted into spam botnets.
Here's the rundown of the latest updates that affect millions of computer users the world over.
Update!
Google Releases Chrome 8.0.552.224
added December 14, 2010
Google has released Chrome 8.0.552.224 to address multiple vulnerabilities, just 11 days after their previous security update. Apparently, they missed fixing something on Dec 3. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.
Google Chrome 8.0.552.215
On December 3, 2010, Google released an updated Chrome browser, version 8.0.552.215, to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information or bypass security restrictions. Use the built-in updater to download the latest version of Chrome. Alternatively, visit the Chrome download page and get the newest version there.
Apple QuickTime 7.6.9
On December 8, 2010, Apple released QuickTime 7.6.9 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or obtain sensitive information. To download the latest version of QuickTime, you can use the updater via its Windows Control Panel icon, your Start menu Apple Software Updates shortcuts, or the previous link. Mac users can use the Apple Software Updater.
WordPress Version 3.0.3
On December 9, 2010, WordPress released WordPress 3.0.3 to address a critical vulnerability. Exploitation of this vulnerability may allow an attacker to operate with elevated privileges. You can review the information about this update, and get the latest version for your websites, on the WordPress v3.0.3 details page.
Firefox 3.6.13
On December 10, 2010, the Mozilla Foundation released Firefox 3.6.13 to address 11 vulnerabilities, 9 of which were rated as Critical. These vulnerabilities may allow an attacker to execute arbitrary code, spoof the location bar, or operate with elevated privileges. The Mozilla Foundation has also released Firefox 3.5.16 to address these same vulnerabilities. Some of these vulnerabilities also affect Thunderbird and SeaMonkey and are addressed in Thunderbird 3.1.7 and 3.0.11 and SeaMonkey 2.0.11.
Firefox users should receive this update automatically. If you didn't, you can download the current version of Firefox here. You can also use the Check for Updates link in the Help menu of Firefox browsers.
Microsoft Releases Advance Notification for December 2010 Security Bulletin
Microsoft has issued a Security Bulletin Advance Notification indicating that its December release will contain 17 bulletins, covering about 40 vulnerabilities. Two of these bulletins will have a severity rating of critical and will be for Microsoft Windows and Internet Explorer. Fourteen of the bulletins will have a severity rating of important and will be for Microsoft Windows, Office, and SharePoint. The remaining bulletin will have a severity rating of moderate and will be for Microsoft Exchange. Release of these bulletins is scheduled for Tuesday, December 14, 2010.
A simple step you can take to keep your exploitable software up to date.
You can use the Secunia Online Software Inspector to check for any outdated software you may be running; its report includes links to get the newest versions of each program. The report also shows any missing Windows Updates. I run it once a week and recommend you all do the same. They also have a downloadable version, called the PSI, that lives on your PC and checks for a much larger number of outdated or end-of-life software programs.
Finally, the Windows Applications Insecure Library Loading list has now grown to 337 applications, including 19 from the Microsoft Mothership itself. In all, 97 different vendors have at least one, if not many more, programs that could be exploited by a hostile script taking advantage of the DLL path vulnerability described in the Microsoft Advisory of August 23, 2010.
With many of the threats targeting the vulnerabilities that were recently patched in these programs, it is imperative that you have up-to-date anti-malware programs running on your PCs. I recommend Trend Micro Internet Security, with its in-the-cloud Smart Protection Network and instant definitions, and also Malwarebytes' Anti-Malware (licensed version for active protection and auto-updating). You may have to install Trend Micro first, then MBAM. That's because TM doesn't like competing products to be already running where it is installed.