Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity
    • Development
    • Networking

    Major Microsoft, Adobe Patches Lead Week’s Security News

    By
    Fahmida Y. Rashid
    -
    January 15, 2012
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      Software patches dominated the week with Adobe’s scheduling its quarterly update for Reader and Acrobat software while Microsoft delivered its Patch Tuesday updates for January. Oracle also released the preview for its quarterly Critical Patch Update for next week.

      Microsoft released seven bulletins addressing eight security vulnerabilities in January’s Patch Tuesday, but only one was rated “critical.” The two highest-priority bulletins fixed issues in Windows Media Player and in the .NET packager. An email attachment or a file hosted on a Website, could launch a drive-by-attack by exploiting the Windows Media Player vulnerability.

      Attackers could trick users to open a maliciously crafted Office document to exploit the .NET flaw.

      Adobe also updated its Reader and Acrobat software on both the Mac OS X and Windows platforms. With this update, the zero-day vulnerabilities in the software’s 3D rendering technology are now patched in all versions of the software. Adobe Reader and Acrobat 9 for Windows were patched in December. But Reader and Acrobat 9 for Mac OS X and Reader and Acrobat X for both platforms were fixed in this release.

      Adobe also added a JavaScript whitelisting capability to Reader and Acrobat where administrators could disable JavaScript execution in PDF files, but enable it for a handful of trusted documents. Considering most PDF-based attacks use embedded malicious JavaScript code in one way or other, disabling JavaScript across the board would help reduce the attack surface.

      Despite plans to address 78 bugs, Oracle’s gargantuan CPU is downright skimpy on the database front, with only two fixes for Oracle Database Server. Nearly half of the fixes will be in MySQL and the Sun product suite, but Oracle’s continued lack of focus on its flagship database software remains puzzling.

      Separately, Oracle released a new version of its database firewall with features designed to help administrators block SQL injection attacks and malicious insiders from gaining unauthorized access to data. Oracle Database Firewall also now supports MySQL and the open-source database software joins the ranks of Oracle Database 11g and earlier versions, IBM DB2, Microsoft SQL Server, Sybase Adaptive Server Enterprise and Sybase SQL Anywhere.

      Strategic Forecasting finally relaunched its Website this week. It had been off-line since Christmas Eve after unidentified attackers defaced the site, damaged servers and stole emails. Stratfor’s CEO George Friedman apologized in a letter to subscribers for the breach and the mistakes the company had made. “This was our failure. I take responsibility,” Friedman wrote. In the same letter, he lashed out at the attackers, and accused them of trying to censor Stratfor and of being ignorant of about the company’s mission.

      During the Infiltrate Security Conference in Miami this week, two security researchers disclosed a security flaw in Research In Motion’s PlayBook tablet that makes it possible for attackers to tap into a connection made between the tablet and handheld devices. Attackers could locate and acquire the authentication token for BlackBerry Bridge, which uses Bluetooth technology to “pair” two devices and access sensitive information, according to the report. RIM said the issue has already been resolved with the BlackBerry PlayBook OS 2.0 update expected in February.

      The week ended with Microsoft looking back at its Trustworthy Computing initiative, which was launched Jan. 15, 2002, when Microsoft’s then CEO Bill Gates issued a memo to every employee that the company was going to take a step back and focus on security. Under the new TwC, when given a choice between adding features and resolving security issues, the company would “choose security,” Gates wrote 10 years ago.

      Since then, company has made tremendous strides in strengthening its products, working with the security community and developing mitigation technologies that are used by other vendors to secure their own products. According to the company, Microsoft will continue its focus on privacy, the role of government in controlling cyber-attacks, and security for mobile devices and cloud computing in the next 10 years.

      Fahmida Y. Rashid

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      10 Best AI 3D Generators 2023

      Aminu Abdullahi - November 17, 2023 0
      AI 3D Generators are powerful tools for creating 3D models and animations. Discover the 10 best AI 3D Generators for 2023 and explore their features.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×