Light Patch Tuesday Brings Two XSS Fixes

As I mentioned in last week’s early warning, today’s Patch Day is extremely light with only two updates. According to their September bulletin summary, Microsoft has only released updates for Visual Studio Foundation Server and System Center Configuration Manager. Both updates fix cross-site scripting (XSS) vulnerabilities that Microsoft rates as Important.

If you have either of these products, you should apply today’s patches at your earliest convenience, despite their low severity. If you don’t use either of these products, you’re off the hook this month (whoohoo).  However, don’t forget to check your certificate infrastructure to make sure you are using 1024  bit certificates by October.

Also,  if you use any Cisco products, Microsoft also released a Cisco-related Security Advisory today. The advisory includes a roll-up patch that sets the Killbit for a few different Cisco ActiveX controls. This prevents the 3rd party controls from working in IE, due to vulnerabilities in them. Microsoft administrators should probably apply this update as well.

Finally, Adobe holds their Patch Day today. They only released one security bulletin for ColdFusion. The update fixes a denial of service (DoS) vulnerability in ColdFusion 10 and earlier, running on any platform. If you use ColdFusion, make sure to apply that patch, too.

I’ll release a more detailed alert about the Microsoft issues here shortly — Corey Nachreiner, CISSP (@SecAdept)

About Corey Nachreiner

Corey Nachreiner has been with WatchGuard since 1999 and has since written more than a thousand concise security alerts and easily-understood educational articles for WatchGuard users. His security training videos have generated hundreds of letters of praise from thankful customers and accumulated more than 100,000 views on YouTube and Google Video. A Certified Information Systems Security Professional (CISSP), Corey speaks internationally and is often quoted by other online sources, including C|NET, eWeek, and Slashdot. Corey enjoys "modding" any technical gizmo he can get his hands on, and considers himself a hacker in the old sense of the word.

No comments yet... Be the first to leave a reply!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


Get every new post delivered to your Inbox.

Join 8,244 other followers

%d bloggers like this: