90 likes | 101 Views
PREVIOUS GNEWS. Patch Tuesday. 16 Patches / 49 Vulns – 4 Critical Affecting most everything Other updates, MSRT, Defender Definitions, Junk Mail Filter. MS10-071 - Cumulative Security Update for Internet Explorer MS10-072 - SafeHTML , Could Allow Information Disclosure
E N D
Patch Tuesday • 16 Patches / 49 Vulns – 4 Critical • Affecting most everything • Other updates, MSRT, Defender Definitions, Junk Mail Filter • MS10-071 - Cumulative Security Update for Internet Explorer • MS10-072 - SafeHTML , Could Allow Information Disclosure • MS10-073 - Windows Kernel-Mode Drivers, Elevation of Privilege • MS10-074 - Microsoft Foundation Classes, Remote Code Execution • MS10-075 - Media Player Network Sharing Service, Remote Code Execution • MS10-076 - Embedded OpenType Font Engine, Remote Code Execution • MS10-077 -.NET Framework, Remote Code Execution • MS10-078 - OpenType Font (OTF) Format Driver, Elevation of Privilege • MS10-079 - Microsoft Word, Remote Code Execution • MS10-080 - Microsoft Excel, Remote Code Execution • MS10-081 - Windows Common Control Library, Remote Code Execution • MS10-082 - Windows Media Player, Remote Code Execution • MS10-083 - COM Validation in Windows Shell and WordPad, Remote Code Execution • MS10-084 - Windows Local Procedure Call, Elevation of Privilege • MS10-085 - SChannel, Denial of Service (2207566) • MS10-086 - Windows Shared Cluster Disks, Tampering
Holes / Patches • Oracle, 85 patches • Adobe, 3 patches (23 holes in Reader) • APSB10-21 Adobe Reader and Acrobat • APSB10-22 Adobe Flash Player • APSA10-03 Flash Player • Apple, • Security Update 2010-006 • QuickTime 7.6.8 • Cisco • 14 patches, multiple products • NTP and SSLVPN, DoS • Multiple issues with H.323 • Browsers • YES
Corp. Hell • Apple patents parental controls • Apple trademarks “there’s an app for that”
Papers Hakin9 is out (email, ipv6, voip) (IN)Secure Magazine #27 is out
Updates OWSP ZAP (Zed Attack Proxy) A fork of Paros Proxy
Past Cons Gfirst 6 presentations posted (Aug 2010) http://www.us-cert.gov/GFIRST/presentations.html Lite coverage of HITB http://www.themalaysianinsider.com/features/article/securing-the-future/
Con ToorCon San Diego CA 20 – 22 Oct 2010 DayCon Dayton, OH 22 – 23 Oct 2010 SecTor Toronto CA 25 – 27 Oct 2010 B-Sides Dallas, TX 6 Nov 2010
All images scavenged without permission All images scavenged without permission