Microsoft Showing Its Love – in Advance
Microsoft Security Bulletin Advance Notification for February 2012:
Microsoft has blessed us again with another Patch Tuesday. Here is advance notification of 9 bulletins for Valentine’s Day. The IE update is likely the one users will want to apply ASAP, say researchers.
9 security-related bulletins have been issued to close 21 vulnerabilities:
- 4 Critical – Microsoft Windows (2) – Remote Code Execution, Microsoft Windows – Internet Explorer (1) – Remote Code Execution, Microsoft .NET Framework (1) – Remote Code Execution, Microsoft Silverlight (1) – Remote Code Execution
- 5 Important – Microsoft Windows (2) – Remote Code Execution, Microsoft Windows (1) – Elevation of Privilege, Microsoft Office – Windows Server Software (1) – Elevation of Privilege, Microsoft Office (1) – Elevation of Privilege
The full version of the Microsoft Security Bulletin Advance Notification for February 2012 can be found at: http://technet.microsoft.com/security/bulletin/ms12-feb.
This bulletin advance notification will be replaced with the February bulletin summary on February 14, 2012. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.
Past Notifications:
- First Microsoft Patch Tuesday of 2012 (netsecurityit.wordpress.com)
php5 Security Update: Recent PHP security update is flawed
Debian Security Advisory DSA-2403-1
php5: remote code execution introduced by an earlier security fix.
Stefan Esser discovered that the implementation of the max_input_vars configuration variable in a recent PHP security update was flawed such that it allows remote attackers to crash PHP or potentially execute code.
- For the oldstable distribution (lenny), no fix is available at this time.
- For the stable distribution (squeeze), this problem has been fixed in version 5.3.3-7+squeeze7.
- The testing distribution (wheezy) and unstable distribution (sid) will be fixed soon.
It is recommended that you upgrade your php5 packages.
Further information about Debian Security Advisories can be found at: http://www.debian.org/security/
Related articles
- PHP 5.3.10 release delivers a critical security fix (php.net)
- Manuel Lemos: Another Serious Security Bug on PHP 5.3.9 (phpclasses.org)
NSIT Patch Notification: Symantec PCAnywhere Local Privilege Escalation, Remote Code
Edward Torkington of NGS Secure has discovered a high-risk vulnerability in Symantec pcAnywhere.
Impact: Local Privilege Escalation
Versions affected:
Symantec pcAnywhere 12.5.x
IT Management Suite 7.0 pcAnywhere Solution 12.5.x
IT Management Suite 7.1 pcAnywhere Solution 12.6.x
An updated version of the software has been released to address these vulnerabilities:
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120124_00
NGS Secure is going to withhold details of this flaw for three months. This three-month window will allow users the time needed to apply the patch before the details are released to the general public. This reflects the NGS Secure approach to responsible disclosure.
Edward Torkington of NGS Secure has discovered a critical vulnerability in Symantec pcAnywhere.
Impact: Remote Code Execution (pre-auth) as SYSTEM
Versions affected:
Symantec pcAnywhere 12.5.x
IT Management Suite 7.0 pcAnywhere Solution 12.5.x
IT Management Suite 7.1 pcAnywhere Solution 12.6.x
An updated version of the software has been released to address these vulnerabilities:
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120124_00
NGS Secure is going to withhold details of this flaw for three months. This three-month window will allow users the time needed to apply the patch before the details are released to the general public. This reflects the NGS Secure approach to responsible disclosure.
NGS Secure Research
http://www.ngssecure.com
Related articles
- In the round file cabinet goes; PCAnywhere (netsecurityit.wordpress.com)
- Symantec advice users to disable pcAnywhere [Clive Eplett] (ecademy.com)
- Anonymous Strikes: Symantec Says Stop Using pcAnywhere – Mashable (mashable.com)
- Symantec Tells Customers To Stop Using pcAnywhere (tech.slashdot.org)
- Uninstall pcAnywhere now, your PC is at risk (geek.com)