Weekend Vulnerability and Patch Report, December 24, 2010

The following software updates were released last week. Citadel strongly recommends that readers upgrade these programs on their computers.

Java Update: Sun has published an update to Java, its ubiquitous browser plug-in. The new version is Java 6, Update 23. Readers can identify their version of Java and get installation help here. Readers will want to pay attention in upgrading Java to make sure that the install does not also install other software, such as the Yahoo Toolbar. 

Important Vulnerabilities.

Microsoft Internet Explorer Vulnerability: Microsoft has warned in a security advisory that an exploit now exists for the critical security vulnerability in Internet Explorer that we wrote about last week. The exploit runs remotely over the Internet, compromising a user's system and stealing sensitive information. The vulnerability has been confirmed in all versions of Internet Explorer, including IE 7 and 8. The exploit for this vulnerability gets around two of the key security defenses built into Windows Vista and Windows 7. We suggest running the latest version of Firefox with the NoScript add-on as an alternative to IE. 

IBM Lotus Notes: Several security vulnerabilities have been identified in IBM Lotus Notes Traveler. Readers should update to version 8.5.1.3 or later. More information is available here.

Adobe Flash: Adobe Flash is a favorite of cyber criminals who seem able to regularly find critical security vulnerabilities in the program. Readers should make sure they are running the latest version of Flash. You can check your version of Adobe Flash here. 

Adobe Reader: Adobe Reader is another favorite of cyber criminals who seem able to regularly find critical security vulnerabilities in the program. Readers should make sure they are running the latest version of Reader. Readers can check for update under "Help" in the file menu. The latest version is 10.0.0.

If you are responsible for keeping your computer secure, our weekly report is for you. We strongly urge you to take action to keep your workstation secure.

 

If someone else is responsible for keeping your computer secure, protect it by forwarding our Weekend Vulnerability and Patch Report to them and following up to make sure your computer has been patched.

Vulnerability management is a key element of cyber security management. Cyber criminals take over user computers by writing computer programs that "exploit" vulnerabilities in operating systems (Windows, Apple OS, etc) and application programs (Adobe Acrobat, Office, Flash, Java, etc). When software companies find a vulnerability, they will issue an update patch to fix the code running in their customer's computers.

The Weekend Vulnerability and Patch Report is intended to raise user awareness to cyber security challenges by alerting them to some of the week's important vulnerability news and updates.  

 

© Copyright 2010. Citadel Information Group. All Rights Reserved.