Semaine chargée en mises à jour. Même si vous utilisez Google Chrome, fermez-le, et faites une mise a jour en version 4.x. À noter pour IE une faille extrêmement importante sans réponse de Microsoft... à part désactiver le support de l'active scrippting ou mettre la sécurité de la zone internet sur "haut" en appuyant sur alt puis outils/options internet/sécurité. Pour info j'ai testé WSUS mais ce n'est pas encore convainquant, et sortez couvert ! Le reste des détails ci-dessous. Bonne mise à jour...
========================================================================
The Secunia Weekly Advisory Summary
2010-03-11 - 2010-03-18
This week: 95 advisories
========================================================================
Table of Contents:
1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4..................................................This Week in Numbers
========================================================================
1) Word From Secunia:
Patching redefined - Free & Automatic Updating for every single PC user
Unpatched programs are a primary source of IT insecurity. But due to the complex and immeasurable scope of patching, it is neglected by the majority of private users. Not a viable approach to ensure online safety - Secunia has set out aggressively to change this!
Read more:
Use WSUS to deploy 3rd party patches
Public BETA:
http://secunia.com/vulnerability_scanning/corporate/wsus_3rd_third_party_patching/
========================================================================
2) This Week in Brief:
Some vulnerabilities have been reported in Google Chrome, where some have unknown impacts and others can be exploited by malicious people to conduct spoofing attacks and bypass certain security restrictions.
For more information:
http://secunia.com/advisories/39029
Some vulnerabilities have been reported in Mozilla SeaMonkey, which can be exploited by malicious people to disclose sensitive information or potentially compromise a user's system.
For more information:
http://secunia.com/advisories/39001/
A vulnerability has been discovered in Google Picasa for Mac, which can be exploited by malicious people to potentially compromise a user's system.
For more information:
http://secunia.com/advisories/38753/
========================================================================
3) This Weeks Top Ten Most Read Advisories:
For more information on how to receive alerts on these vulnerabilities, subscribe to the Secunia business solutions:
http://secunia.com/advisories/business_solutions/
1. [SA38416] Microsoft Internet Explorer Local File Disclosure
Vulnerabilities
2. [SA37584] Adobe Flash Player Multiple Vulnerabilities 3. [SA37231] Sun Java JDK / JRE Multiple Vulnerabilities 4. [SA38511] Microsoft DirectShow AVI File Parsing Buffer Overflow
Vulnerability
5. [SA37690] Adobe Reader/Acrobat Multiple Vulnerabilities 6. [SA37769] Google Chrome Multiple Vulnerabilities 7. [SA38209] Microsoft Internet Explorer Multiple Vulnerabilities 8. [SA38061] Google Chrome Stylesheet Redirection Information
Disclosure
9. [SA38265] Microsoft Windows Two Privilege Escalation
Vulnerabilities
10. [SA38506] Microsoft Windows TCP/IP Implementation Vulnerabilities
========================================================================
4) This Week in Numbers
During the past week 95 Secunia Advisories have been released. All Secunia customers have received immediate notification on the alerts that affect their business.
This weeks Secunia Advisories had the following spread across platforms and criticality ratings:
Platforms:
Windows : 9 Secunia Advisories
Unix/Linux : 32 Secunia Advisories
Other : 3 Secunia Advisories
Cross platform : 51 Secunia Advisories
Criticality Ratings:
Extremely Critical : 0 Secunia Advisories
Highly Critical : 15 Secunia Advisories
Moderately Critical : 44 Secunia Advisories
Less Critical : 36 Secunia Advisories
Not Critical : 0 Secunia Advisories
========================================================================
Secunia recommends that you verify all advisories you receive, by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Subscribe:
http://secunia.com/advisories/weekly_summary/
Contact details:
Web : http://secunia.com/
E-mail :
Tel : +45 70 20 51 44
Fax : +45 70 20 51 45