18. April 2010 by admin.

A serious vulnerability exists in Java and Sun has known about this vulnerability since around April 9th. This exploit can occur because the Java Browser Plugin  is running “javaws.exe” without validating command-line parameters.  Last week, when confronted about the problem, Oracle said they did not consider this vulnerability to be of high enough priority to break their quarterly patch cycle.

A U.S.-based Web site, Songlyrices.com was compromised by attackers, and was redirecting visitors to a Russian server feeding the Java attack as well as other exploits.

Now that users have started reporting that they are being infected by the drive-by Java attacks, Oracle has changed its mind and issued a patch.  If you haven’t already patched this vulnerability you can download Java software at http://www.java.com/en/download/index.jsp

Posted in security, Drive-by Infection, Patches, Malware, Computers | No Comments »

10. April 2010 by admin.

The coming “Patch Tuesday on April 13th, 2010 features 11 important security and functional patches.

Here are the patches Microsoft says will be released:

Bulletin 1: Critical (Remote Code Execution) – Affects Windows
Bulletin 2: Critical (Remote Code Execution) – Affects Windows
Bulletin 3: Critical (Remote Code Execution) – Affects Windows
Bulletin 4: Critical (Remote Code Execution) – Affects Windows
Bulletin 5: Critical (Remote Code Execution) – Affects Windows
Bulletin 6: Important (Elevation of Privilege) – Affects Windows
Bulletin 7: Important (Remote Code Execution) – Affects Windows
Bulletin 8: Important (Remote Code Execution) – Affects Office
Bulletin 9: Important (Denial of Service) – Affects Windows & Exchange
Bulletin 10: Important (Remote Code Execution) – Affects Office
Bulletin 11: Moderate (Spoofing) – Affects Windows

To learn more about these patches, visit the Microsoft Security Bulletin page.

Posted in security, patch testing, Patch Tuesday, Patches, Uncategorized | No Comments »