Sharpe Security Blog

Google Chrome 14.0.835.202 Released

David Sharpe — Tue, 04 Oct 2011 20:52:12 +0000

Google Chrome 14.0.835.202 has been released for Windows, Mac, and Linux. The update includes fixes for 7 vulnerabilities, all of which are classified as high or critical.

References:
http://sites.google.com/a/chromium.org/dev/Home/chromium-security
http://www.google.com/chrome/index.html?hl=en&brand=CHMA&utm_campaign=en&utm_source=en-ha-na-us-bk&utm_medium=ha

email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Twitter (free enterprise vulnerability alert feed): twitter.com/patchmanagement

Google Chrome 14.0.835.163 Released

David Sharpe — Mon, 19 Sep 2011 14:39:20 +0000

Google Chrome 14.0.835.163 has been released for Windows, Mac, and Linux. The update includes fixes for 32 vulnerabilities, 15 of which are classified as high or critical.

References:
http://sites.google.com/a/chromium.org/dev/Home/chromium-security
http://www.google.com/chrome/index.html?hl=en&brand=CHMA&utm_campaign=en&utm_source=en-ha-na-us-bk&utm_medium=ha

email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity

First Look at Windows 8

David Sharpe — Mon, 19 Sep 2011 01:20:32 +0000

Wow. The security enhancements in Windows 8 look fantastic. Details are available here: http://blogs.msdn.com/b/b8/archive/2011/09/15/protecting-you-from-malware.aspx.

A few things spring to mind:
1). The changes to the Windows 8 heap will significantly raise the bar for exploit developers, and pentest tool vendors. The days of serious and widespread remotely exploitable buffer overflow bugs are mostly behind us. Most of those have been hunted to extinction over the past several years. Today’s cutting edge OS exploit development work is largely in the heap overflow arena, and things will get dramatically more difficult for heap exploit developers as the Microsoft world moves to Windows 8 over the next few years.

2). Enterprise shops that skipped Vista and are rolling out Windows 7 will need to continue to do so. Windows XP goes off support in April 2014 (meaning Microsoft won’t provide you with any patches unless you purchase Custom Support), so you don’t have enough time to wait for Windows 8 to be ready for production. I would recommend standing up a Windows 8 pilot early to shake out any conflicts between Windows 8 and your organization’s software portfolio, but you don’t have enough time between now and April 2014 to lean back and skip Windows 7.

3). The inclusion of Microsoft’s now world class anti-malware solution in Windows 8 is bad news if you are an AV vendor. Enterprise shops will still likely want to buy a comprehensive endpoint security solution like Symantec SEP, but home users should be fine with just Windows 8′s AV and their firewall enabled. So Symantec, McAfee, Trend and others will certainly see less AV subscription revenue flowing in from home users and small business market.

email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Twitter (free enterprise vulnerability alert feed): twitter.com/patchmanagement

Google Chrome 13.0.782.215 Released

David Sharpe — Tue, 23 Aug 2011 13:44:41 +0000

Google Chrome 13.0.782.215 has been released for Windows, Mac, and Linux. The update includes fixes for 11 vulnerabilities, 10 of which are classified as high or critical.

References:
http://sites.google.com/a/chromium.org/dev/Home/chromium-security
http://www.google.com/chrome/index.html?hl=en&brand=CHMA&utm_campaign=en&utm_source=en-ha-na-us-bk&utm_medium=ha

email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Twitter (free enterprise vulnerability alert feed): twitter.com/patchmanagement

Mozilla Firefox 6.0 and 3.6.20 Released

David Sharpe — Wed, 17 Aug 2011 15:51:53 +0000

Mozilla has released Firefox versions 6.0 and 3.6.20. These new versions fix several security-related memory corruption bugs (http://www.mozilla.org/security/announce/2011/mfsa2011-29.html).

Firefox version 5.x is now off support. You should be running only 3.6.x or 6.x in production now.

References:
http://www.mozilla.com/en-US/firefox/6.0/releasenotes/

http://www.mozilla.com/en-US/firefox/3.6.20/releasenotes/

email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Twitter: twitter.com/patchmanagement

Adobe Shockwave Player Version 11.6.1.629 Released

David Sharpe — Thu, 11 Aug 2011 01:55:58 +0000

Adobe has released Shockwave Player version 11.6.1.629 for Windows and Apple OS X. This update contains several security updates as outlined in the link below.

References:
http://www.adobe.com/support/security/bulletins/apsb11-19.html

email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Twitter: twitter.com/patchmanagement

Adobe Flash Player 10.3.183.5 Released

David Sharpe — Thu, 11 Aug 2011 01:52:06 +0000

Adobe has released version 10.3.183.5 of their Flash player product for Windows, Linux, Apple OS X, and Solaris. This update includes security fixes.

References:
http://www.adobe.com/support/security/bulletins/apsb11-21.html

email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Twitter: twitter.com/patchmanagement

Volatility Framework 2.0 Released

David Sharpe — Sat, 06 Aug 2011 02:53:57 +0000

Wow. This, in addition to MANDIANT’s recently released Redline tool, will amount to another devastating blow to HBGary Responder Pro sales and market share. How can you justify the $9000 USD cost for a Responder Pro license plus annual maintenance if one of these free tools works for the platforms you work on?

The following platforms are currently supported:
32bit Windows XP Service Pack 2 and 3
32bit Windows 2003 Server Service Pack 0, 1, 2
32bit Windows Vista Service Pack 0, 1, 2
32bit Windows 2008 Server Service Pack 1, 2 (there is no SP0)
32bit Windows 7 Service Pack 0, 1

References:
https://www.volatilesystems.com/default/volatility

email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Twitter: twitter.com/patchmanagement

Apple Quicktime Player 7.7 Released

David Sharpe — Thu, 04 Aug 2011 12:48:47 +0000

Apple has released Quicktime Player 7.7 for Windows and Apple Mac OS X 10.5.8. Version 7.7 includes fixes for 13 security issues.

References:
http://lists.apple.com/archives/security-announce/2011/Aug/msg00000.html

email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Twitter: twitter.com/patchmanagement

Google Chrome 13.0.782.107 Released

David Sharpe — Tue, 02 Aug 2011 17:35:02 +0000

Google Chrome 13.0.782.107 has been released for Windows, Mac, and Linux. The update includes fixes for 30 vulnerabilities, 14 of which are classified as high.

References:
http://sites.google.com/a/chromium.org/dev/Home/chromium-security
http://www.google.com/chrome/index.html?hl=en&brand=CHMA&utm_campaign=en&utm_source=en-ha-na-us-bk&utm_medium=ha

email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Twitter (free enterprise vulnerability alert feed): twitter.com/patchmanagement