Oracle Java SE Update – Critical Update

Oracle Java SE Update – Security Garden

Oracle Java released an update to Java SE 6 and Java SE 7.

Edited to clarify:  Included in the Oracle updates are eighty-eight (88) new critical security fixes across numerous Oracle products, listed in the Oracle Critical Patch Update Advisory.  It is strongly advised that the update be installed for those products as soon as possible due to the thread posed by a successful attack.

More in the article.

Time to start checking Java.com for updates from Oracle that fix the latest Bugfixes for Java for your Windows, Solaris, and Linux operating systems. Linux users can also check their distros for these updates, and Mac users should start checking rigorously for updates to Java SE 6 from Apple.

NOTE: As of 10:37 AM EDT today, April 28, 2012, the Java website still shows Java SE 6, Update 31.

You will want to check the download links on Security Garden’s posting for the most recent updates. Or here on Oracle’s download page for Java SE Runtime Environment 6 Update 32 for Linux, Solaris, Windows (mainstream version that works with most applications). Mac OS X users still need to get their Java SE 6, Update 32 from Apple, so please keep checking!

Thanks for keeping us updated on Oracle’s Java status, Security Garden!

Advertisements

The ‘ole Conficker worm still infecting PCs years later

‘Obstinate’ Conficker worm infests millions of PCs years later
By Gregg Keizer, Computerworld

Suppressed botnet has 7M Windows machines in its grip three years after it first appeared

And Mac users thought they had it bad with their Flashback, which is not good, so don’t get me wrong here. But Apple should be watching closely situations like Conficker worm/botnet. What’s that old saying? But by the grace of God go I? or something like that.

Of course this is one of the most widespread botnets to hit Windows PCs, but still, it’s only one of many that are out there for PCs. And although Microsoft made similar mistakes as Apple in regard to malware/viruses/botnets initially, they made up for it in time. They even put out their own antivirus/antimalware program – Microsoft Security Essentials for free to home users to help protect their users. But even with their experience with these things for many years and learning from their mistakes, there is this…

Concern about Conficker reached a crescendo when the mainstream media, including major television networks, reported that the worm would update itself on April 1, 2009. Because of the size of the Conficker botnet — estimates ran as high as 12 million at that point — and other mysteries, hype ran at fever pitch.

It also urged all Windows users to ensure they have applied the pertinent patch — MS08-067 — and for Windows XP and Vista machines, the March update that disables AutoRun.

Much more in the 2 page article.

Microsoft confirms 17-year old Windows Vulnerability (ZDNet blogs)

[tweetmeme source=”franscomputerservices” only_single=false]Microsoft confirms 17-year old Windows Vulnerability (ZDNet blogs)

One day after a Google security researcher released code to expose a flaw that affects every release of the Windows NT kernel — from Windows NT 3.1 (1993) up to and including Windows 7 (2009) — Microsoft dropped a security advisory to acknowledge the issue and warn of the risk of privilege escalation attacks.

Microsoft was notified about the issue in June 2009 and has still not fixed the vulnerability.

Interesting to note that x64 is not affected and valid credentials are needed for the system to be compromised.

Obviously x64 (64-bit) Windows 7 would be the best option and making sure your system is protected by a strong password would be helpful either way.

However, on x32 (32-bit) Windows, any version of Windows could be compromised given the right Trojan cocktail even if the system is password protected.

Something to think about.