News &Tricks For You ...: Security Patch Update

Showing posts with label Security Patch Update. Show all posts

Tuesday, 12 January 2016

21:50:00

By Unknown

In: Hacking News, Internet Explorer, Microsoft, Microsoft Edge Browser, Security Patch Update, Security Update, Vulnerability, Windows 10

From Today Onwards, Don't You Even Dare to Use Microsoft Internet Explorer

Microsoft ends support for internet explorer web browser

Yes, from today, Microsoft is ending the support for versions 8, 9 and 10 of its home-built browser Internet Explorer, thereby encouraging Windows users to switch on to Internet Explorer version 11 or its newest Edge browser.

Microsoft is going to release one last patch update for IE8, IE9 and IE10 today, but this time along with an "End of Life" notice, meaning Microsoft will no longer support the older versions.

So, if you want to receive continuous updates for your web browser and avoid being exposed to potential security risks after 12 January, you are advised to upgrade your browser to Internet Explorer 11, or its new Edge browser.

End of Life of Internet Explorer 8, 9 and 10

"Internet Explorer 11 is the last version of Internet Explorer, and will continue to receive security updates, compatibility fixes, and technical support on Windows 7, Windows 8.1, and Windows 10," Microsoft says.

This move could be part of Microsoft's bigger plan to move its users to the new Edge browser, which is currently available only on Windows 10 PCs.

With the launch of Microsoft Edge last April, the company attempted to encourage Windows 10 users to switch to Edge if they are using its rival browser, such as Google Chrome or Mozilla Firefox, as the default web browser.

Edge has been designed completely separate to Internet Explorer, and promises speed and usability, with support for Cortana -- Microsoft's virtual assistant.

Around 340 Million Users Run Internet Explorer

For higher adoption of Edge, Microsoft is finally ending support for Internet Explorer 8, 9 and 10. However, an estimated 340 Million Windows users are still running Internet Explorer, and nearly half of those are believed to be using one of the expired IE versions.

Therefore, the older versions of the browser will receive KB3123303 patch today that will feature "nag box" asking users to upgrade their browser.

If you have "Automatic Updates" turned ON, you most likely upgraded to IE11 already. However, users with older IE browsers can turn "Automatic Updates" ON by clicking on "Check for Updates" in the "Windows Update" section of the Control Panel.

Wednesday, 30 December 2015

12:12:00

By Unknown

In: Adobe Flash Player Download, Adobe Flash Player Zero-Day Vulnerability, Emergency Response Team, Flash Player Update, Security Patch Update, Vulnerability, Zero-Day Vulnerability

Patch now! Adobe releases Emergency Security Updates for Flash Player

The Adobe Flash Player just said goodbye to the year with another bunch of vulnerability patches.

Adobe released an out-of-band security update on Monday to address Nineteen (19) vulnerabilities in its Flash Player, including one (CVE-2015-8651) that is being exploited in the wild.

All the programming loopholes could be abused to execute malicious code (here malicious Flash file on a web page) on victims' computers in order to hijack an unpatched PC or Mac entirely.

So, if you are running the Flash Player plugin on Windows, Mac OS X, Linux, or Chrome OS, it is time for you to upgrade your system as soon as possible before criminals start taking advantage of the bugs.

Here're the details of the Flash's 19 security vulnerabilities patched in the emergency APSB16-01 update posted Monday afternoon:

A Type Confusion Vulnerability that could lead to arbitrary code execution (CVE-2015-8644)
An Integer Overflow Vulnerability that also leads to code execution (CVE-2015-8651)
Use-After-Free() Vulnerabilities that could also lead to code execution
Memory Corruption Vulnerabilities that could also lead to code execution

The company did not provide many details about the attacks exploiting the Integer Overflow Vulnerability (CVE-2015-8651) discovered by Huawei, other than describing them as "limited, targeted attacks."

Upgrade your machines to the following patched versions of Flash Player:

Flash Player versions 20.0.0.267 and 18.0.0.324 for Windows and Mac users.
Flash Player version 20.0.0.267 for Google Chrome
Flash Player version 20.0.0.267 for Microsoft Edge and Internet Explorer 11 on Windows 10
Flash Player version 20.0.0.267 for IE 10 and 11 on Windows 8.x
Flash Player version 11.2.202.559 for Linux

You can also get the latest Flash Player versions from Adobe's website.

However, if you really want to get rid of these nasty bugs, you are advised to simply disable or completely uninstall Adobe Flash Player immediately.

Flash has plagued with several stability and security issues, which is why developers had hated the technology for years.

Moreover, this is the reason Adobe plans to kill Flash Player and re-brands it as Adobe Animate CC — Adobe's Premier Web animation tool for developing HTML5 content.

Wednesday, 23 December 2015

16:20:00

By Unknown

In: Java, Java Malware, Java Vulnerability, Misleading Java Security Updates, Oracle, Security Patch Update, Zero Day Vulnerability

Oracle Ordered to Publicly Admit Misleading Java Security Updates

Security issues have long tantalized over 850 Million users that have Oracle's Java software installed on their computers. The worst thing is that the software was not fully updated or secure for years, exposing millions of PCs to attack.

And for this reason, Oracle is now paying the price.

Oracle has been accused by the US government of misleading consumers about the security of its Java software.

Oracle is settling with the Federal Trade Commission (FTC) over charges that it "deceived" its customers by failing to warn them about the security upgrades.

Java is a software that comes pre-installed on many computers and helps them run web applications, including online calculators, chatrooms, games, and even 3D image viewing.

Oracle Left Over 850 Million PCs at Risk

The FTC has issued a press release that says it has won concessions in a settlement with Oracle over its failure to uninstall older and insecure Java SE software from customer PCs upon the upgrade process, which left up to 850 Million PCs susceptible to hacking attacks.

However, the company was only upgrading the most recent version of the software and ignoring the older versions that were often chock full of security loopholes that could be exploited by hackers in order to hack a targeted PC.

Oracle is Now Paying the Price

So, under the terms of the settlement with Oracle, announced by the FTC on Monday, Oracle is required to:

Notify Java customers about the issue via Twitter, Facebook, and its official website
Provide tools and instructions on how to remove older versions of Java software

Oracle has agreed to the settlement that is now subject to public comment for 30 days, although Oracle declined to comment on its part.

Meanwhile, the FTC wants Java users to know that if they have older versions of the software. Here is the website that will help you remove them: java.com/uninstall.