This week, as I’ve compiled my list of updates to popular software packages – in the interest of keeping everyone informed and current to prevent security problems – we have quite a list of changes. Microsoft released their monthly “Patch Tuesday” fixes last week, and on top of that we’ve seen browser security patches in Safari and Google Chrome, and WordPress has received another security patch as well.
The moral of the story here is that you just can’t rest – as a computer owner with connections to the internet, you must keep active with your software updates. There is a seemingly endless stream of exploits being developed, and they almost always go after users running out-of-date software. So, let’s see what’s been updated in the past week or so, and please do take a few minutes to check and ensure you are current with the latest versions.
We’ll start with WordPress – this popular blogging platform is now up to version 2.8.6, correcting two security flaws that allow registered blog users to gain unauthorized access to your server. If you have open blog registrations enabled on your blog (i.e., for commenting), this update is highly recommended. WordPress is due for its 2.9 version update, but the 2.8 version continues to evolve. If you’re hosting your blog on WordPress, upgrade today!
On the browser front, we’ve seen two updates in the past week:
Google’s Chrome browser was updated November 12 to version 3.0.195.33, fixing two bugs, one of which was a security issue. The update should come automatically, but it is worth checking to ensure you have it.
Apple’s Safari browser received a rather large security update on November 11, to version 4.0.4. This update is highly recommended for all users, as it fixes browser stability issues as well as quite a few security flaws. From Apple’s site:
- ColorSync: Viewing a maliciously crafted image with an embedded color profile may lead to an unexpected application termination or arbitrary code execution (Windows)
- libxml: Parsing maliciously crafted XML content may lead to an unexpected application termination (Windows and Mac)
- Safari: Using shortcut menu options within a maliciously crafted website may lead to the disclosure of local information (Windows and Mac)
- WebKit: Visiting a maliciously crafted website may result in unexpected actions on other websites (Windows and Mac)
- WebKit: Accessing a maliciously crafted FTP server could result in an unexpected application termination, information disclosure, or arbitrary code execution (Windows and Mac)
- WebKit: Mail may load remote audio and video content when remote image loading is disabled (Mac)
Finally, we have Microsoft’s Windows November Update:
- MS09-063 – Critical – Vulnerability in Web Services on Devices API Could Allow Remote Code Execution (Windows Vista and Windows Server 2008)
- MS09-064 – Critical – Vulnerability in License Logging Server Could Allow Remote Code Execution (Windows 2000 only)
- MS09-065 – Critical – Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (Windows 2000, XP, and Vista, Windows Server 2003 and 2008)
- MS09-066 – Important – Vulnerability in Active Directory Could Allow Denial of Service (Windows XP, Windows Server 2000, 2003 and 2008)
- MS09-067 – Important – Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (Microsoft Office Excel 2002, 2003 and 2007 for Windows, Microsoft Office 2004 and 2008 for Mac, as well as all supported versions of Office Excel Viewer and Office Compatibility Pack)
- MS09-068 – Important – Vulnerability in Microsoft Office Word Could Allow Remote Code Execution (Microsoft Office Word 2002 and 2003 for Windows, Microsoft Office 2004 and 2008 for Mac, and all supported versions of Word Viewer)
- The Microsoft Malicious Software Removal Tool and Outlook Junk Email Filters have also received their monthly update as part of this package.
That certainly seems to be enough for one week! Keep that software up to date, and keep your system safe. It’s a wild, uncivilized web out there.