Articles about patch

If at first you don't succeed, you're Microsoft trying to fix broken Excel 2016

Some Excel users have been struggling to add hyperlinks to spreadsheets, so Microsoft now has a patch for that – or rather a second one. On August 1, Microsoft released a patch to fix a problem with Office 2016 where users were being warned that their passwords were about to expire, even if they weren't. That update fixed the …
Iain Thomson, 24 Aug 2017

Leaky PostgreSQL passwords plugged

PostgreSQL has released three security patches for versions 9.6.4, 9.5.8, 9.4.13, 9.3.18, and 9.2.22. In CVE-2017-7547, a remote attacker can retrieve others' passwords because of a user mapping bug. The authorisation oopsie derives from the database's handling of pg_user_mappings, allowing an authenticated remote attacker …

Three Microsoft Outlook patches unpatched, users left to DIY

Microsoft has withdrawn at least three of the patches released at the end of June and early July, but left it to users to find out for themselves. The three patches – KB 4011042, KB 3191849 and KB 3213654 – fixed the same file-handling bugs in Outlook's 2010, 2013 and 2016 editions. Attachments containing “...” (ellipsis) or …

Yes, this is our third Cisco story of the day. It's about 23 bugs you need to fix, stat

We all know the only thing more fun than a WebEx conference is a recorded WebEx conference, which is why WebEx Network Recording Player exists – and if you use it, you need to patch it. Switchzilla's 23-patch Wednesday Whack-a-Mole includes fixes for multiple buffer overrun WebEx vulnerabilities. The WebEx vulns can be …

Dell to patch AMT-vulnerable systems

Dell, which last week was scrambling to work out which of its systems are affected by the Intel AMT vulnerability, is scrambling to catch up with peers HP Inc, Lenovo and Fujitsu. In a note published on Friday, the company said it would publish firmware fixes for most vulnerable kit. As readers should already know, Intel …

Oracle patches Solaris 10 hole exploited by NSA spyware tool – and 298 other security bugs

Oracle today emitted a huge batch of 299 security fixes for its software – including a patch for a vulnerability exploited by a leaked NSA tool that can hijack Solaris systems. Details of the massive April dump can be found here: Oracle describes the updates as "critical," and urges admins to install them "without delay." …
Iain Thomson, 19 Apr 2017

Don't worry, slowpoke Microsoft, we patched Windows bug for you, brags security biz

Video A computer security outfit claims to have plugged an information leak in Windows that was publicly revealed by Google before Microsoft had a patch ready. Could this third-party patching become a trend? Last month, Google's Project Zero team disclosed details of a trivial vulnerability in the Windows user-mode GDI library: the …
Iain Thomson, 7 Mar 2017

Got an OpenBSD Web server? Better patch it

OpenBSD and two of its SSL libraries need patches against a pair of denial-of-service bugs that can crash Web-facing servers. The first is in the operating system's SSL implementation, specifically in the HTTP daemon. An advisory says that daemon can be crashed with repeated SSL renegotiation. A single renegotiation thread, …

Happy Monday, Juniper admins: Get patching

Juniper Networks pushed out patches for its Junos operating system over the weekend. The first, rated high severity, is CVE-2017-2302. It's a denial-of-service (DoS) bug in its routing protocol daemon. “On Junos OS devices where the BGP add-path feature is enabled with 'send' option or with both 'send' and 'receive' options, …

What's big and red and needs 270 security patches?

Oracle has revealed its quarterly Critical Patch Update Advisory for January 2017, which offers users a buffet of 270 fixes to apply. Big Red says that “due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible.” Where to start? Perhaps with the sole problem …
Simon Sharwood, 18 Jan 2017

ISC squishes BIND packet-of-death bugs

BIND administrators, get patching: there are three irritating flaws you need to splat. The denial-of-service vulnerabilities in question are CVE-2016-9131, CVE-2016-9147, and CVE-2016-9444. Common to all three is that they're exploitable denial-of-service bugs that predominantly affect BIND-based DNS servers running in …

Docker swings door shut on privilege escalation bug

Docker has patched what it calls a “minor” container escape. CVE-2016-9962 was a bug in runc – an insecure file descriptor opening that cleared the way to local privilege escalation. In other words, the contents of one container could be exposed to another, running under the same Docker instance. From its Full Disclosure post …

VNC server library gets security fix

An important fix for libvncserver has landed in Debian and on the library's GitHub page. Late in 2016, a bug emerged in the VNC libraries that left clients vulnerable to malicious servers. As the Debian advisory states, the fix addresses two bugs: CVE-2016-9941 and CVE-2016-9942. The libraries incorrectly handled incoming …

Microsoft quietly emits patch to undo its earlier patch that broke Windows 10 networking

Microsoft has sneaked out a patch to get Windows 10 PCs back online after an earlier update broke networking for people's computers around the globe. Since the end of last week, systems in the UK, US, Europe and beyond have automatically installed software from Microsoft, via Windows Update, that broke DHCP. That means some …
Iain Thomson, 14 Dec 2016

It's time: Patch Network Time Protocol before it loses track of time

The maintainers of the Network Time Protocol daemon (ntpd) have pushed out a patch for ten security vulnerabilities. Leading the fixfest is a trap-crash turned up by Cisco's Matthew Van Gundy. If ntpd is configured with the trap service enabled, a malformed packet causes a null pointer dereference and crashes it. A Windows bug …

Surprise! Another insecure web-connected CCTV cam needs fixing

Siemens has issued a security patch for CCTV cameras that cough up their admin passwords to remote attackers. The cameras are now sold by Vanderbilt Industries, which acquired the camera business unit from the German industrial giant in 2015. The security bug lies in the web server in the gadgets' firmware, and is present in …

Cisco's subscriber management software needs immediate patch

Service providers using Cisco's Prime to manage consumers' networks need to run in a critical patch. The vulnerability Cisco turned up gives a remote attacker full administrative privileges over the system, thanks to its Web GUI. A crafted HTTP request to a particular URL lets an attacker “obtain a valid session identifier for …

DROWN-ing Xcode developer? Apple's thrown you a lifebelt

Apple has published security updates for Xcode, iCloud for Windows, and iTunes for Windows. Xcode 8.1 plugs holes the Xcode server inherited from Chrome, OpenSSL and node.js. Apple's announcement is here. There's a bunch of OpenSSL patches to start with: CVE-2016-0705 in OpenSSL is better known as the DROWN bug that let …
