Tuesday, August 30, 2011

Vulnerability and Patch Report, August 29, 2011

Vulnerability and Patch Report, August 29, 2011

The following software vulnerabilities and updates were announced last week. Citadel Information Group strongly recommends that readers update their computers and take other action as indicated.

Important Security Updates

Flash 10.3.183.7: Users can check their version of Flash and download updates at this site.

F-Secure: This popular program has released patches to several programs to correct a highly critical vulnerability. Updates are available for both F-Secure Anti-Virus 2010 and 2011 and F-Secure Internet Security 2010 and 2011. The program should update itself automatically but users will want to check that they are running the latest versions of these programs.

Google Chrome 13.0.782.215: Google has released Chrome 13.0.782.215 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities, several of which are highly critical. Updates are available from within Chrome via “Customize > About Google Chrome.” (“Customize” is the wrench-shaped icon in the upper right hand corner.)

Java 6 Update 27: Users can check their version of Java and download updates at this site. Users will want to remove older Java versions as these pose a security risk. This can be done from the Windows Control Panel. Instructions are available from Java at this site.

For Your IT Department
Cisco: Cisco has released three security advisories to address vulnerabilities affecting the Cisco Unified Communications Manager, the Cisco Unified Presence Server, and the Cisco Intercompany Media Engine. These vulnerabilities may allow an attacker to disclose sensitive information or cause a denial-of-service condition. More information is available from US-CERT.


Newly Announced Unpatched Vulnerabilities
None


Important Unpatched Vulnerabilities
ACDSee Photo: Several highly critical vulnerabilities have been identified in various ACDSee photo products. Vulnerabilities have been identified in FotoSlate, Photo Editor 2008, and Picture Frame Manager. No patches are available at this time. Readers should refrain from using ACDSee to open untrusted files. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, June 12.

ACD Systems Canvas CorelDRAW: A highly critical vulnerability has been found in ACD Systems Canvas which can be exploited by malicious people to compromise a user’s system. Users should not view untrusted CDR files. Readers should refrain from opening untrusted files in ACD Systems Canvas. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, July 31.

HTC Mobile Devices: The security vulnerability in the default Twitter application (Peep) in HTC products remain unpatched. Readers should refrain from using the default Twitter application (Peep). We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, February 11.

Microsoft Windows XP: A less-critical security vulnerability has been found in Windows XP which can be exploited by malicious, local users to disclose potentially sensitive information or cause a DoS (Denial of Service). No patch is available at this time. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, August 7.

Microsoft Word: A highly critical vulnerability has been found in Microsoft Word XP and 2002. No patch is available at this time. Readers should refrain from opening untrusted files in these earlier versions of Word. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, June 19.

Microsoft Office for Mac: A highly critical vulnerability has been discovered in Microsoft Office for the Mac which can be exploited by cyber criminals to take control of a user’s computer. Security updates are currently unavailable. Readers should refrain from opening untrusted files in Office. We first alerted readers to this vulnerability in Weekend Vulnerability & Patch Report, May 13, 2011.

Microsoft Reader: The highly critical vulnerability in Microsoft Reader, versions 2.x, remains unpatched. Readers should refrain from opening untrusted files in Reader. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, April 15.

PDF-Pro: Several highly critical vulnerabilities in PDF-Pro, a popular alternative to Adobe Acrobat, remain unpatched. Readers should refrain from opening untrusted files in PDF-Pro. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, March 4.

Quick View Plus CorelDRAW: A highly critical vulnerability has been found in Quick View Plus which can be exploited by malicious people to compromise a user’s system. Users should not view untrusted CDR files in Quick View Plus. We first alerted readers to this vulnerability in Weekend Vulnerability and Patch Report, July 31.

If you are responsible for keeping your computer secure, our weekly report is for you. We strongly urge you to take action to keep your workstation secure.  If someone else is responsible for keeping your computer secure, protect it by forwarding our Weekend Vulnerability and Patch Report to them and following up to make sure your computer has been patched.

Vulnerability management is a key element of cyber security management. Cyber criminals take over user computers by writing computer programs that “exploit” vulnerabilities in operating systems (Windows, Apple OS, etc) and application programs (Adobe Acrobat, Office, Flash, Java, etc). When software companies find a vulnerability, they will issue an update patch to fix the code running in their customer’s computers.

Citadel publishes our Weekend Vulnerability and Patch Report to alert readers to some of the week’s important updates and vulnerabilities. Our focus is on software typically found in the small or home office (SOHO) or that users are likely to have on their home computer. The report is not intended to be a thorough listing of updates and vulnerabilities.

Provided by SecuirtyRecruiter.com's Security Recruiter Blog

SecurityRecruiter.com's Security Recruiter Blog