January 2010 Patch Tuesday VoR:
- 14 January, 2010 10:51
<p>January 2010 Patch Tuesday VoR:</p>
<p>Microsoft, Adobe and Oracle Issue Security Updates Today – Info from Symantec</p>
<p>Today, Microsoft, Adobe and Oracle have released or are scheduled to release security updates to address product vulnerabilities.</p>
<p>Microsoft issued one security bulletin that addressed just one vulnerability. However, Microsoft has rated the vulnerability as critical.</p>
<p>“The lone Microsoft vulnerability affects everything from Windows 2000 to Windows 7, but is only rated critical for Windows 2000,” said Ben Greenbaum, senior research manager, Symantec Security Response. “From XP SP2 onward, Microsoft hardened heap memory with heap memory protection strategies; this makes the vulnerability less of an issue for the later systems.”</p>
<p>Adobe is also scheduled to release security updates today. One of the expected updates patches a critical zero-day vulnerability affecting Acrobat and Reader that was first identified on December 14.</p>
<p>“We’re seeing this vulnerability actively being exploited by attackers,” Greenbaum said. “Attack attempts seemed to peak near the end of
December and then drop off, but we’re continuing to see limited attempts at exploitation, and more reliable exploits could still be
<p>Finally, Oracle is scheduled to release one advisory addressing 24 vulnerabilities as part of their quarterly security update.</p>
<p>“It was a light month in terms of Microsoft,” Greenbaum added. “But because Adobe is addressing a number of security holes, at least one of them critical, and Oracle is also fixing 24 vulnerabilities, a lot of IT managers are still going to have their hands full.”</p>
<p>Symantec strongly encourages users to patch their systems against all these vulnerabilities. In addition, enterprises are encouraged to consider implementing an automated patch management solution to help mitigate risk.</p>
<p>Please visit the Symantec Security Response blog for more information and also let me know if you are interested in speaking with a Symantec expert in more detail about any of the vulnerabilities addressed this month.</p>
<p>The Symantec Security Response blog can be viewed here:
<p>Additional information on Microsoft’s security bulletins can be found here:
<p>Additional information on Adobe’s security updates can be found here:
<p>Additional information on Oracle’s security updates can be found here:
<p>+61 2 9954 3492</p>
- CISO 101: Securing the expanding attack surface and demonstrating ROI
- Embedding ethical risk culture in organisations
- Could AI-powered multi-factor authentication kill the password at last?
- Cloud Security: Who is Responsible for What?
- Want more clout with the CEO? Wait until your first ransomware attack.