Here's a collection of recent security vulnerabilities, alerts, and news, which covers Microsoft's Patch Tuesday for the month of April, news of Intel work on anti-theft technology for laptops, a critical hole in Cisco's Unified Communications product series, and the release of a new version of Opera.
- April's Patch Tuesday to feature eight security updates from Microsoft
Eight patches will be released by the folks at Redmond for April's Patch Tuesday update tomorrow. Five of them are considered "critical," while the other three are marked as "important."
Where the critical patches are concerned, one involves Microsoft Office, two will affect Windows, and the remaining two involves issues with the Internet Explorer browser. For the important patches, one affects Microsoft Office while the other two will affect Windows.
What is interesting is that at least one Windows-related issue appears to span the entire spectrum of Windows operating systems — affecting Windows 2000, Windows XP, Windows 2003 Server, Windows Vista, and even Windows Server 2008 operating system.
Director of security operations at nCircle Network Security, Andrew Storms noted that, "That one has to be a pretty bad bug to be critical across the board like that. I would have expected a drop in criticality for Vista SP1, and most certainly in Server 2008. Something should have mitigated the vulnerability."
For more details, be sure to check out the Microsoft Security Bulletin Advanced Notification.
- Intel to release anti-theft technology for laptop
Intel has announced an anti-theft technology for laptops. Unimaginatively named "Intel Anti-Theft Technology," the technology will form another facet of Intel's Active Management Technology — itself a part of Centrino vPro. Centrino vPro is about giving IT managers the ability to remotely access and configure computers.
According to Dadi Perlmutter, executive vice president and general manager of Intel's Mobility Group, the technology will "basically lock the system, lock the disk, so people cannot be maliciously using and getting the data."
In the PowerPoint slides here, Intel segregates the problem into Data Defense, which involves the likes of embedded disk protection and the disabling of data access and Asset Defense, which involves disabling the platform, the use of proactive administrative policies, and support for recovery.
No further information is available at this point, except that it will be released in the fourth quarter of this year.
- Critical hole found in Cisco's Unified Communications product series
Cisco has made known a security hole in its United Communication product series that involves the Disaster Recovery Framework (DRF). It could potentially result in remote exploits or a sustained DoS condition.
A number of products are affected, namely:
- Cisco Unified Communications Manager (CUCM) 5.x and 6.x
- Cisco Unified Communications Manager Business Edition
- Cisco Unified Presence 1.x and 6.x
- Cisco Emergency Responder 2.x
- Cisco Mobility Mnager 2.x
An update has has already been released via normal Cisco channels that resolves the problem. For workarounds, the DRF Master can be disabled, though doing so would prevent further backups from being made. Alternatively, access to port 4040 can be restricted as well.
For more information, do check out Cisco's extensive documentation on the matter.
- New version of Opera fixes security holes
Opera 9.27 has been released. Besides fixing a number of vulnerabilities, it is also claimed to be more stable.
The security issues include:
- Fixed an issue where newsfeed prompts could cause Opera to execute arbitrary code, as reported by Michal Zalewski. See our advisory.
- Solved an issue where resized canvas patterns could cause Opera to execute arbitrary code, as reported by Michal Zalewski. See our advisory.
- Improved keyboard handling of password inputs, as reported by Trystan S.
You can read the full changelog to Opera 9.27 for Windows.
Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.