Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Subscribe
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Subscribe
    Home Cybersecurity
    • Cybersecurity
    • Development
    • Networking

    Major Microsoft, Adobe Patches Lead Week’s Security News

    Written by

    Fahmida Y. Rashid
    Published January 15, 2012
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      Software patches dominated the week with Adobe’s scheduling its quarterly update for Reader and Acrobat software while Microsoft delivered its Patch Tuesday updates for January. Oracle also released the preview for its quarterly Critical Patch Update for next week.

      Microsoft released seven bulletins addressing eight security vulnerabilities in January’s Patch Tuesday, but only one was rated “critical.” The two highest-priority bulletins fixed issues in Windows Media Player and in the .NET packager. An email attachment or a file hosted on a Website, could launch a drive-by-attack by exploiting the Windows Media Player vulnerability.

      Attackers could trick users to open a maliciously crafted Office document to exploit the .NET flaw.

      Adobe also updated its Reader and Acrobat software on both the Mac OS X and Windows platforms. With this update, the zero-day vulnerabilities in the software’s 3D rendering technology are now patched in all versions of the software. Adobe Reader and Acrobat 9 for Windows were patched in December. But Reader and Acrobat 9 for Mac OS X and Reader and Acrobat X for both platforms were fixed in this release.

      Adobe also added a JavaScript whitelisting capability to Reader and Acrobat where administrators could disable JavaScript execution in PDF files, but enable it for a handful of trusted documents. Considering most PDF-based attacks use embedded malicious JavaScript code in one way or other, disabling JavaScript across the board would help reduce the attack surface.

      Despite plans to address 78 bugs, Oracle’s gargantuan CPU is downright skimpy on the database front, with only two fixes for Oracle Database Server. Nearly half of the fixes will be in MySQL and the Sun product suite, but Oracle’s continued lack of focus on its flagship database software remains puzzling.

      Separately, Oracle released a new version of its database firewall with features designed to help administrators block SQL injection attacks and malicious insiders from gaining unauthorized access to data. Oracle Database Firewall also now supports MySQL and the open-source database software joins the ranks of Oracle Database 11g and earlier versions, IBM DB2, Microsoft SQL Server, Sybase Adaptive Server Enterprise and Sybase SQL Anywhere.

      Strategic Forecasting finally relaunched its Website this week. It had been off-line since Christmas Eve after unidentified attackers defaced the site, damaged servers and stole emails. Stratfor’s CEO George Friedman apologized in a letter to subscribers for the breach and the mistakes the company had made. “This was our failure. I take responsibility,” Friedman wrote. In the same letter, he lashed out at the attackers, and accused them of trying to censor Stratfor and of being ignorant of about the company’s mission.

      During the Infiltrate Security Conference in Miami this week, two security researchers disclosed a security flaw in Research In Motion’s PlayBook tablet that makes it possible for attackers to tap into a connection made between the tablet and handheld devices. Attackers could locate and acquire the authentication token for BlackBerry Bridge, which uses Bluetooth technology to “pair” two devices and access sensitive information, according to the report. RIM said the issue has already been resolved with the BlackBerry PlayBook OS 2.0 update expected in February.

      The week ended with Microsoft looking back at its Trustworthy Computing initiative, which was launched Jan. 15, 2002, when Microsoft’s then CEO Bill Gates issued a memo to every employee that the company was going to take a step back and focus on security. Under the new TwC, when given a choice between adding features and resolving security issues, the company would “choose security,” Gates wrote 10 years ago.

      Since then, company has made tremendous strides in strengthening its products, working with the security community and developing mitigation technologies that are used by other vendors to secure their own products. According to the company, Microsoft will continue its focus on privacy, the role of government in controlling cyber-attacks, and security for mobile devices and cloud computing in the next 10 years.

      Fahmida Y. Rashid
      Fahmida Y. Rashid

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.