Articles about patches

Dirty COW explained: Get a moooo-ve on and patch Linux root hole

Code dive Patch your Linux-powered systems, phones and gadgets as soon as possible, if you can, to kill off a kernel-level flaw affecting nearly every distro of the open-source operating system. Dubbed Dirty COW, the privilege-escalation vulnerability potentially allows any installed application, or malicious code smuggled onto a box, …
Shaun Nichols, 21 Oct 2016

Telnet, SSH prod of death smashes Cisco broadband boxes offline

Cisco has issued six software updates to address security vulnerabilities in its networking products, ranging from denial of service conditions to authentication bypasses. The most serious of the flaws is the authentication bypass hole in the Cisco Meeting Server. Cisco warns that, due to improper handling of XMPP messaging, a …
Shaun Nichols, 12 Oct 2016
Joey from the sitcom friends pokes his head around the door (invasively). Photo copyright NBC

Cisco snaps shut remote pwnage hole in Cloud Services Platform

Cisco has provided a patch to address a remote hijacking vulnerability in its Cloud Services Platform (CSP). Switchzilla said that all customers who run CSP 2100 software should install the 2.1.0 update to close a remote code execution flaw it considers to be a high security risk. Designed as an efficient way to manage …
Shaun Nichols, 21 Sep 2016
Man flexing for webcam

Windows 10 Anniversary Update completely borks USB webcams. Yay.

Microsoft says a fix is on the way for a video encoding issue in the Windows 10 Anniversary Update that has left people unable to access their USB webcams and applications. Multiple peeps and developers have reported issues with their cameras or software not working following the installation of the Windows 10 Anniversary …
Shaun Nichols, 19 Aug 2016
danger

Attention, small biz using Symantec AV: Smash up your PCs, it's the safest thing to do

If you're using Symantec's Endpoint Protection Small Business Edition (SEP SBE) then you can forget about security for a week or so, as the company won't be patching the "as bad as it gets" security holes in its software for a while. A Register reader who wishes to remain anonymous received an email from Symantec confirming …
Iain Thomson, 6 Jul 2016
Bruce Campbell in Army of Darkness

Kill Flash now. Or patch these 36 vulnerabilities. Your choice

Adobe has released an update for Flash that addresses three dozen CVE-listed vulnerabilities. The update includes a fix for the CVE-2016-4171 remote code execution vulnerability that is right now being exploited in the wild to install malware on victims' computers. Adobe is recommending that users running Flash for Windows, …
Shaun Nichols, 16 Jun 2016
Road Closed sign

Cisco warns IPv6 ping-of-death vuln is everyone's problem

Cisco is warning network administrators about a flaw in the handling of IPv6 packets that it says extends beyond its own products. The networking behemoth has issued a security alert detailing a vulnerability in the processing of IPv6 Neighbor Discovery (ND) packets that could allow a remote and unauthenticated miscreant to …
Shaun Nichols, 2 Jun 2016
Cabling disaster 3

Windows 7, Server 2008 'Convenience' update is anything but – it breaks VMware networking

VMware is warning administrators to steer clear of an official update for Windows 7 and Server 2008 – after the patch was found to be incompatible with some virtual machines. The virtualization house says that VMs using VMXNet3 virtual NICs are having networking problems after installing the Windows 7 rollup update. VMs …
Shaun Nichols, 1 Jun 2016
virus_1_648

Kill Flash now? Chrome may be about to do just that

Google's Chrome web browser could be disabling all Flash content by default before the year's out. El Reg has learned that developers with the Chromium Project are working on a new feature known as 'HTML5 by Default'. The move could help to keep users safe by locking off a favorite target for web-based malware exploits. As …
Shaun Nichols, 13 May 2016

Adobe...sigh...issues critical patch...sigh...for Flash Player zero day

Adobe has pushed out a patch for 25 vulnerabilities in Flash Player, including one that is already being targeted in the wild. The latest fix for the internet's screen door includes a remedy for CVE-2016-4117, the remote code execution flaw that is already being exploited by criminals serving up malware-laden advertisements. …
Shaun Nichols, 12 May 2016

How to make Cisco UCS servers roll over and obey: Send a HTTP poke

Cisco has patched a vulnerability in its Unified Computing System (UCS) Central Software that could be exploited by miscreants to take remote control of machines. Switchzilla said that the CVE-2016-1352 flaw in the UCS web framework is considered a "high" security risk as an unauthenticated attacker can execute arbitrary …
Shaun Nichols, 13 Apr 2016

Dear Windows, OS X folks: Update Flash now. Or kill it. Killing it works

Adobe has published new versions of Flash to patch a vulnerability being exploited right now by hackers to hijack PCs and Macs. The APSB16-10 update addresses a total of 24 CVE-listed flaws, including one (CVE-2016-1019) that's been exploited in the wild to inject malware into Microsoft Windows and Apple OS X systems. Users …
Shaun Nichols, 8 Apr 2016
Asleep on the sofa image via Shutterstock

Symantec warns of serious security holes – in Symantec security kit

Symantec is advising users of its Endpoint Protection (SEP) software to update their systems, after three vulnerabilities were reported in the computer defense tools. Two of the bugs – a cross-site scripting (XSS) flaw, and a SQL injection vulnerability – are in the SEP Management Console, a web-based portal you can log into …
Shaun Nichols, 18 Mar 2016

Flash – aaah-aarrgh! Patch now as hackers exploit fresh holes

Adobe has urged users to patch their Windows, OS X and Linux editions of Flash Player to address 23 security vulnerabilities, including one that is actively being targeted in the wild. The March update includes a number of fixes for vulnerabilities that could, if exploited, allow an attacker to remotely execute code on a …
Shaun Nichols, 10 Mar 2016
Apple iPad Mini 2013

Afraid of getting your iThing pwned? Get yourself iOS 9.2.1

Apple has posted an update for iOS, including patches for 13 CVE-listed security flaws. The Cupertino giant said that the iOS 9.2.1 update bundles the security fixes with a patch for a bug in the Apple Mobile Device manager that had prevented some iOS devices from installing apps. Note that this update will not fix the weird …
Shaun Nichols, 19 Jan 2016
android_toys_648

Got a Nexus? Google has five critical Android security fixes for you

Google has fixed 12 security bugs in its Android source code – including five that would allow miscreants to achieve remote code execution or root access. The Mountain View giant said its January Android security update includes patches for five CVE-listed security vulnerabilities it rates as "critical" risks, two considered " …
Shaun Nichols, 4 Jan 2016

Still running IE10? Not for long, says Microsoft

Microsoft is advising Windows users to update their browsers ahead of a new policy that will see some versions of Internet Explorer no longer supported. The Redmond software giant said that beginning January 12, 2016, it will only support the newest version of its browser available in each operating system. "The newest …
Shaun Nichols, 11 Dec 2015
Apple logo. Pic: Blake Patterson

Think you're all done patching? Not if you have any Apple gear

Apple has joined the likes of Microsoft and Adobe in releasing patches for dozens of security holes in its products. The Cupertino design studio has posted updates for nearly all of its product lines, fixing security holes in iOS, OS X, watchOS, tvOS, Safari, and Xcode. For OS X users, the update is packaged as El Capitan 10. …
Shaun Nichols, 9 Dec 2015

Create a news alert about patches, or find more stories about patches.

Biting the hand that feeds IT © 1998–2017