Sunday, December 5, 2010

Weekend Vulnerability and Patch Report, December 3, 2010

The following software updates were released last week. Citadel strongly recommends that readers upgrade these programs on their computers.

McAfee VirusScan Enterprise: A highly critical vulnerability has been found in McAfee VirusScan Enterprise, which can be exploited by malicious people to compromise a user's system. The vulnerability is confirmed in version 8.5.0i. Other versions may also be affected. The vulnerability has been fixed in McAfee VirusScan version 8.7i and later.

Google Chrome: Google has released version 8.0.552.215 to fix multiple vulnerabilities in Google Chrome 7.x. The latest version of Chrome is available here.

WordPress 3.0.2: WordPress has released WordPress 3.0.2 to address multiple security vulnerabilities. The new version is available here.

D-Link DIR-615: Moderately critical vulnerabilities have been found in this popular wireless router. The vulnerabilities have been found in firmware versions prior to revision D.4-13B01. Users should update their routers to the latest firmware version. Information from D-Link on how to upgrade the firmware on the DIR-615 line of routers can be found here.  

News of Important Vulnerabilities.

CA Internet Security Suite Plus 2010: A vulnerability has been discovered in CA Internet Security Suite Plus which can be exploited by malicious, local users to gain escalated privileges. No patch is available at this time.

Palm Pre WebOS: Dark Reading reports that a moderately critical vulnerability has been found in WebOS 1.4.x versions. According to Secunia, this vulnerability has reportedly been fixed in WebOS 2.0 beta. We have no more information at this time. Palm's website is here.

Kindle for PC: A vulnerability has been discovered in the Kindle for PC program 1.x. According to Secunia, no patch is available at this time. Users are cautioned to only open files from trusted sources. 

Adobe Reader: If you have not yet updated to Adobe Reader X (as we recommended last week), you should do so now. You can download Reader X using the Adobe Download Manager from the Adobe Reader web site. To avoid the Download Manager with its attempt to get you to download other software as well, Windows users can download Windows Reader X here while Mac users can download Mac Reader X here. 

Microsoft Internet Explorer: Microsoft has still not issued an update to fix a zero-day highly critical vulnerability in Internet Explorer that, according to KrebsOnSecurity.com, cyber criminals are exploiting to break into Windows computers. We suggest running the latest version of Firefox with the NoScript add-on as an alternative to IE.

If you are responsible for keeping your computer secure, our weekly report is for you. We strongly urge you to take action to keep your workstation secure.

If someone else is responsible for keeping your computer secure, protect it by forwarding our Weekend Vulnerability and Patch Report to them and following up to make sure your computer has been patched.

Vulnerability management is a key element of cyber security management. Cyber criminals take over user computers by writing computer programs that "exploit" vulnerabilities in operating systems (Windows, Apple OS, etc.) and application programs (Adobe Acrobat, Office, Flash, Java, etc.). When software companies find a vulnerability, they will issue an update patch to fix the code running on their customers' computers.

The Weekend Vulnerability and Patch Report is intended to raise users' awareness of cyber security challenges by alerting them to some of the week's important vulnerability news and updates.
 
© Copyright 2010. Citadel Information Group. All Rights Reserved.