recent posts

Web Fraud 2.0: Distributing Your Malware
Opera Update Plugs Multiple Security Holes
Web Fraud 2.0: Digital Forgeries
Web Fraud 2.0: Validating Your Stolen Goods
Web Fraud 2.0: Cloaking Connections

Stories by Category

Stories By Date

related links

The Archives
Security Fix Live: Web Chats
About This Blog
Password Primer
7 Security Tips
Technology Section

syndicate

About This Blog   |   Archives   |   RSS Feeds RSS Feed   (What's RSS?)

Apple, Microsoft Release Software Patches

Apple and Microsoft today released updates to fix security problems in their software, including a patch bundle for the popular QuickTime media player, as well as fixes for computers running Windows and Microsoft Office.

The QuickTime update, available for both Mac and Windows systems, mends seven security holes that Apple said could let attackers install malicious programs if a user opened specially crafted media files. The newest version is QuickTime 7.1.3, and it is available at this link.

Microsoft issued two patches to fix flaws in Windows, one of which the company said could let bad guys hijack vulnerable PCs. The more serious of the two affects Windows XP systems. Another patch corrects a critical flaw in Microsoft Publisher. If you use a Windows system and do not have your machine set to fetch Windows updates on its own via Automatic Updates, point Internet Explorer over to Microsoft Update to download and install these updates.

Microsoft also re-released two patches that it issued in August, including the Internet Explorer update that caused problems for some people running IE on Windows 2000 and Windows XP systems that do not have Service Pack 2 installed. In addition, it re-issued another patch that was creating glitches for some users of Windows Server 2003 and Windows XP Professional 64-Bit systems.

Microsoft pushed out an advisory on an important update for Adobe's Flash Player program, which is installed by default on millions of PCs running Windows. In May, Microsoft pushed out a Flash update to fix a couple of serious security holes in prior versions of Flash, a version of which ships with all Windows XP systems. Today, Redmond called attention to an Adobe update that mends three newly disclosed flaws in Flash Player version 8.0.24.0. The newest version -- v. 9.0.16.0 -- fixes those problems and is available from Adobe's site.

To see which version of Flash you have installed, go to this link on Macromedia's site. If you run Flash on your machine, try not to put off updating: Vulnerability watcher Secunia rated the Flash flaws "highly critical," as they could be exploited just by convincing a user to visit a malicious Web site.

Finally, I mentioned last week that Microsoft was going to issue a couple of high-priority, non-security related updates for Windows. When I scanned my Windows XP machine at Microsoft Update, it presented me with two non-security updates, including one to fix what Microsoft says is an audio problem that could cause stability issues for Windows XP users. The other one addresses errors that some Windows users have been seeing when trying to download updates via Microsoft Update, Windows Update, and Automatic Updates.

By Brian Krebs |  September 12, 2006; 5:37 PM ET New Patches
Previous: Three Patches from Microsoft Next Week | Next: AOL Issues Security Update

Comments

Please email us to report offensive comments.



I had a little trouble getting to the updated version of QuickTime using the link in the article. I'm using the beta 2 of Firefox 2.0, and the Apple site appears to get confused when it tries to detect the OS (it claims JavaScript is off, which is not true). Anyway, for the Windows version, the following more direct link seems to bypass the problematic bit:
http://www.apple.com/quicktime/download/win.html

Posted by: Rich Gibbs | September 12, 2006 11:37 PM

After three months of being pounded with some of the largest Microsoft patch cycles ever, it looks as though they're providing us with a breather. Don't get too comfortable though. Researchers seem to have plenty of Microsoft content in their queue. Look no further than the 7 pending advisories in the ZDI queue - http://www.zerodayinitiative.com/upcoming_advisories.html for proof of that. I've made the following blog post discussing my thoughts on this months Microsoft patches - http://portal.spidynamics.com/blogs/msutton/.

Posted by: Michael Sutton | September 13, 2006 10:25 AM

Further to my post last night, here is the direct link to the download page for the Mac version of QuickTime (it was tough to guess):
http://www.apple.com/quicktime/download/mac.html


Posted by: Rich Gibbs | September 13, 2006 11:14 AM

The Flash Vulnerability is of major concern. According to the research outfit who discovered the vulnerability, the issue is exploitable across all major platforms....some 800m computers.

Read more here http://www.computerterrorism.com

Posted by: Eric Medd | September 13, 2006 11:14 AM

Is there a link for the standalone, non-iTunes download for the latest Quicktime?

Posted by: QT no iT | September 15, 2006 8:38 AM

I was looking for the standalone QT download without iTunes, which used to be hard to find on their site, and I thought they'd gotten rid of it, forcing you to choose iTunes or nothing. But they've actually made the no-iTunes version more prominent. So prominent that I missed it because I was expecting it to be hidden away on the site somewhere.

Posted by: QT no iT | September 15, 2006 8:42 AM

Add Firefox to the patch list. Today, they pushed out version 1.5.0.7

Posted by: JohnJ | September 15, 2006 6:12 PM

By the way, my Quicktime before installing this update told me I had the latest version. If it weren't for this column, I would have believed that!

Posted by: QT no iT | September 16, 2006 6:31 PM

Under large efforts is to be made for our unerschrockenen reporter daily Klaus succeeded an interview with a Abtrünnigen of the "wormhole activists". It reports: "After a long and not harmless journey to the interior I met with Mr. Q. (name is well-known the editorship) at a lonely place." To this meeting daily Klaus was on the way, partial several hours under employment of his life. "We met completely far outside on a dusty parking lot. The man had come alone and insisted on absolute secrecy of its name and his location." "After I was scanned for weapons and bugs went we into an equipment shed." "There the eyes were connected for me and I into another area led where from me the eye bandage were removed." "Opposite me a maintained, large braunhaariger man, that sat with a Luger on me aimed." "I give to me ran the fear sweat in the necks." "He spoke perfect English, so far I that as Nichtengländer to judge can." "On the question as I it to respond should, said he only: "Call me John," "John, which are "Cyberwurmlöcher?" "Those are so a kind window into the other computer", said John. "Like funktioniern it?" "Tja that is however here and today only as many long history. There are elements calls we it once "wormhole transmitters", those by the "Cyberwurmloch directly to your computer to look can." "As, John goes?" "For large explanations I have now no more time. I must give also to my family consideration. More I tell you then with the next meeting," said he and rose. "When can I again-meet you John?" "I call you on." As much to the interview that our reporter daily Klaus under employment of its life with John, who Abtrünnigen of the group of the asking errorists led. We will continue to report. Much luck daily Klaus

URL of orgin:
http://xaurode.blog.de/2006/09/16/tagesklausas_neueste_wurmlochinformation~1132413
translation: machine
My opinion: "still possibilites to make it better.
xai*

Posted by: xai.in.the.sky | September 17, 2006 8:56 AM

The comments to this entry are closed.

 
 

©  The Washington Post Company