1 / 9

PREVIOUS GNEWS

PREVIOUS GNEWS. Patch Tuesday. 16 Patches / 49 Vulns – 4 Critical Affecting most everything Other updates, MSRT, Defender Definitions, Junk Mail Filter. MS10-071 - Cumulative Security Update for Internet Explorer MS10-072 - SafeHTML , Could Allow Information Disclosure

davidjwhite
Download Presentation

PREVIOUS GNEWS

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. PREVIOUS GNEWS

  2. Patch Tuesday • 16 Patches / 49 Vulns – 4 Critical • Affecting most everything • Other updates, MSRT, Defender Definitions, Junk Mail Filter • MS10-071 - Cumulative Security Update for Internet Explorer • MS10-072 - SafeHTML , Could Allow Information Disclosure • MS10-073 - Windows Kernel-Mode Drivers, Elevation of Privilege • MS10-074 - Microsoft Foundation Classes, Remote Code Execution • MS10-075 - Media Player Network Sharing Service, Remote Code Execution • MS10-076 - Embedded OpenType Font Engine, Remote Code Execution • MS10-077 -.NET Framework, Remote Code Execution • MS10-078 - OpenType Font (OTF) Format Driver, Elevation of Privilege • MS10-079 - Microsoft Word, Remote Code Execution • MS10-080 - Microsoft Excel, Remote Code Execution • MS10-081 - Windows Common Control Library, Remote Code Execution • MS10-082 - Windows Media Player, Remote Code Execution • MS10-083 - COM Validation in Windows Shell and WordPad, Remote Code Execution • MS10-084 - Windows Local Procedure Call, Elevation of Privilege • MS10-085 - SChannel, Denial of Service (2207566) • MS10-086 - Windows Shared Cluster Disks, Tampering

  3. Holes / Patches • Oracle, 85 patches • Adobe, 3 patches (23 holes in Reader) • APSB10-21 Adobe Reader and Acrobat • APSB10-22 Adobe Flash Player • APSA10-03 Flash Player • Apple, • Security Update 2010-006 • QuickTime 7.6.8 • Cisco • 14 patches, multiple products • NTP and SSLVPN, DoS • Multiple issues with H.323 • Browsers • YES

  4. Corp. Hell • Apple patents parental controls • Apple trademarks “there’s an app for that”

  5. Papers Hakin9 is out (email, ipv6, voip) (IN)Secure Magazine #27 is out

  6. Updates OWSP ZAP (Zed Attack Proxy) A fork of Paros Proxy

  7. Past Cons Gfirst 6 presentations posted (Aug 2010) http://www.us-cert.gov/GFIRST/presentations.html Lite coverage of HITB http://www.themalaysianinsider.com/features/article/securing-the-future/

  8. Con ToorCon San Diego CA 20 – 22 Oct 2010 DayCon Dayton, OH 22 – 23 Oct 2010 SecTor Toronto CA 25 – 27 Oct 2010 B-Sides Dallas, TX 6 Nov 2010

  9. All images scavenged without permission All images scavenged without permission

More Related