Security updates from Adobe, Mozilla, Microsoft, NVIDIA, Asterisk

The year is starting with a lot of pressure for  Adobe, Mozilla, Microsoft, NVIDIA and Asterisk which had to push security updates to fix several critical security vulnerabilities.

 

Microsoft has released their monthly patch containing seven bulletins  which close 12 security problems rating as Critical and Important. All versions of Windows are affected, including Windows 8 and Windows Server 2012. Also Microsoft Office Suites version 2003 and version 2007, Sharepoint Server 2007, Microsoft Groove Server 2007, Microsoft System Center Operations Manager 2007 and 2007 R2  are affected.

They are all affected by the critical vulnerabilities found in Microsoft XML Core Services 5.0 (MS13-002) which could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.

The other critical vulnerability is in Windows Print Spooler Components that could allow remote code execution (MS13-001) if a print server received a specially crafted print job.

You don’t have to do anything in special about these updates. They will be delivered using Windows Update. Note that a reboot is required after the installation.

 

  Adobe

Adobe has released 27 fixes in AirFlash, Reader and Acrobat. With such an amount of fixes, all that we can do is to recommend you to urgently install the patches as specified in the links. Of course, when Adobe has such a storm of patches this means that all browsers will have to release this update as well. So, expect updates also from the major browsers on supported operating systems.

 

   Mozilla

Firefox 18  revokes the mis-issued TURKTRUST certificates and fixes other 20 issues (12 critical).

Thunderbird 17.0.2 revoked also the same flawed certificate and fixes other 18 issues (12 critical).

 SeaMonkey 2.15 revoked also the same flawed certificate and fixes other 19 issues (12 critical).

 

 NVIDIA

Released an updated suite with version 310.90 which fixes a buffer overflow in a kernel driver. The vulnerability could be exploited by an attacker to obtain administrator privileges for Windows versions from Vista above.

 

 Asterisk

Several vulnerabilities were fixed in the well-known open source VOIP application. The vulnerabilities are buffer overflows on the stack which can be exploited using the HTTP, SIP and XMPP protocols. Digium, which uses the open source software in their commercial VoIP phones released also new firmware based on the fixes made in the open source version.

 

Sorin Mustaca

IT Security Expert

via Avira – TechBlog http://techblog.avira.com/2013/01/10/security-updates-from-adobe-mozilla-microsoft-nvidia-asterisk/en/


© Copyright 2013 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity

Check www.mustaca.com for the IT Consulting services I offer.
Visit www.itsecuritynews.info for latest security news in English
Besuchen Sie http://de.itsecuritynews.info für IT Sicherheits News auf Deutsch

About the Author

Sorin Mustaca

Sorin Mustaca, (ISC)2 CSSLP, CompTIA Security+ and Project+, is working since year 2000 in the IT Security industry and worked between 2003-2014 for Avira as Product Manager for the known products used by over 100 million users world-wide. Today he is an independent IT Security Consultant focusing on Cybersecurity, secure software development and security for IoT and Automotive. He is also running his personal blog Sorin Mustaca on Cybersecurity and is the author of the free eBook Improve your security .

Comments are closed.

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close