Home > Blogs > VMware Go Blog > Monthly Archives: November 2012

Monthly Archives: November 2012

This Week in Patching – 11/30/2012

By: Jason Miller, Manager, Research and Development

This week was highlighted yet again by browser updates addressing security vulnerabilities.  Google released updates for their Chrome and Chrome Frame browsers addressing multiple vulnerabilities.  On Monday, Google Chrome 23.0.1271.91 was released and it addresses seven vulnerabilities.  On Thursday, a second update was provided with Google Chrome version 23.0.1271.95.  The latest version addresses two security vulnerabilities.

A little background and history on Google’s responsible vulnerability initiative:

In November 2010 Google implemented a vulnerability reward program to enable security researchers the ability to gain financial rewards for responsibly disclosing vulnerability information to Google.  A responsible vulnerability disclosure is when a vulnerability is submitted to the vendor and the source code is not made publicly available until a fix has been made in the affected software.

One of the vulnerabilities fixed in the latest version of Google Chrome is credited to the hacker known as “Pinkie Pie.”  This vulnerability netted Pinkie Pie a cool $7,331.  This is not the first time Pinkie Pie has received a reward in the vulnerability reward program.  Back in March, Pinkie Pie received $60,000 for a vulnerability in Google Chrome during the Pwnium contest.  In October, the Pwnium 2 contest was held and Pinkie Pie received another $60,000 for winning the contest.  I would say netting $127,331 on vulnerabilities found and responsibly disclosed makes 2012 a great year for both Google and Pinkie Pie!

Back to this week’s patches:

On Wednesday, the Wireshark Foundation released a security update for their Wireshark product.  Wireshark 1.8.4 addresses 11 vulnerabilities and Wireshark 1.6.12 addresses six vulnerabilities.

On Thursday, Apple released a new version of their iTunes software with version 11.  This new version includes many new features and possibly addresses vulnerabilities.  The product release notes contains a link to their security updates section but no vulnerabilities have been announced.  Apple can be a bit slow on releasing vulnerability information, so I will be watching out during the next week for any announcements.

Today, FileZilla has released yet another update for the FileZilla Client.  FileZilla Client 3.6.0.2 is a non-security update addressing two issues.

Happy Patching!

– Jason Miller

P.S. Want to learn more about VMware Go Pro? Click here.

Also, check out  a 30-day free trial of VMware Go Pro!

Pssst… Looking for the Perfect Gift for Your IT Person This Year? Look No Further Than VMware Go Pro!

By Andy the Angry IT Guy

It’s clear that, once again, the holiday season is upon us.

Why is that, you’re asking? Am I delirious with the spirit of the season, hanging tinsel and mistletoe around my cubicle, organizing company caroling sessions and baking festive snickerdoodle cookies for the entire office?

Of course not! Bah humbug! (Come on… were you expecting anything less from your favorite angry IT guy).

No, I know that the holiday season is approaching because rabid sales executives keep accosting me to make sure their database stays up and running as they close quarter-end deals (it does, as usual…), the HR person keeps complaining to me about Outlook calendars not synching up for people’s PTO requests (you have to click “accept”) and our psychotic marketing director nearly compromised our entire network after clicking an email with a subject line of “Cute baby triplets sing ‘Jingle Bells’ while kittens wrestle in the background” (it was a malicious virus).

Yep, people get pretty irrational around the holidays.  Luckily for me, I know have VMware Go Pro – which definitely helps me deal with the crazy here to a certain degree. I may even go so far as to say I’m “thankful” for VMware Go Pro—truth be told, it’s the best thing to happen to me this year (after my endless flirtations with Liz from Accounting and the long-awaited release of Diablo 3, that is).

VMware Go Pro has allowed me to get our virtualization project up and running with minimal headaches, and has also allowed me to ensure that the company’s infrastructure is secure and appropriately patched (which really comes in handy when your brainiac colleague inadvertently looses a Trojan onto your network).

With that in mind, I offer this gift to you, dear readers: for the rest of today, VMware is running a serious discount on VMware Go Pro in the eStore. In fact, VMware is running a series of promotions in honor of Cyber Monday in the eStore all week (including 20% savings on an annual license for VMware Go Pro).

Trust me when I say, you do not want to miss out on this. If there’s an IT person in your life, get them this gift and know that they will be forever grateful. Really, the only thing better that I can think of is a Star Trek: Next Generation reunion – which sadly won’t be happening anytime soon.

In the meantime, there’s VMware Go Pro! Check it out here – http://store.vmware.com/promo/91614000

Want to learn more about VMware Go Pro? Click here.

Weekly Links – November 27, 2012

Shhh! Can you hear that? If you listen closely, you can hear the faint whisper of Christmas music floating up from every single retail store from here to Sheboygan. With just under a month until Christmas, you can expect to have Bing Crosby and “Santa Baby” ringing in your ears for the foreseeable future. If you made it out for Black Friday this year (and it sounds like many of you did), you surely know what we mean here.

And, in the spirit of retailer-driven holiday traditions, happy Cyber Monday! VMware is getting in on the fun, too—keep an eye on our eStore for promotions throughout this coming week (including a special on VMware Go Pro on November 29!).

Now on to this week’s links:

Buggy Windows 8 patch: Old problem, new solutions (InfoWorld)

Few Enterprises Move at the Speed of Social (InformationWeek)

How IT will evolve to photonics (The Register)

Say What? Top Five IT Quotes of the Week (InternetNews)

Around the Star Trek world in 150 years (Ars Technica)

Contrary to what you’ll probably guess, this week’s apropos of nothing image is not in fact pulled from The Onion:

You can read our previous links round-ups here. And be sure to visit go.vmware.com for more information on how we can help you better manage your IT infrastructure.

Want to learn more about VMware Go Pro? Click here.

Better yet, you can try it for yourself here – for free!

Celebrate Cyber Monday with VMware Go Pro!

If our title wasn’t clear enough, how’s this? In honor of Cyber Monday, we’re running a special on VMware Go Pro subscriptions – a powerful, cloud-based service that allows you to manage and protect your VMware vSphere infrastructure. For 48 hours, you can purchase a subscription to VMware Go Pro for 20% off!

WHAT: Significantly-discounted subscription to VMware Go Pro

WHEN: 12:00 AM November 29 – 11:59 PM PST November 30

WHERE: VMware eStore – http://www.vmware.com/vmwarestore/

WHY: Because you deserve it.

Want to take VMware Go Pro for a test drive before purchasing? No problem – you can sign up for a free trial here.

You can also learn more about VMware Go Pro here.

Weekly Links – November 19, 2012

Happy Thanksgiving week! We imagine those of you in the U.S. are all looking forward to stuffing yourselves with turkey and stuffing at Aunt Millie’s this coming Thursday—just remember to save room for the pumpkin cheesecake this time!

Here’s to a shortened work week; hopefully the holiday season has your usually unforgiving colleagues in a more thankful mood these days (yeah, we didn’t think so, either…).

Enough gobbling on our part, though – on to this week’s links:

IT at the crossroads: Lead or fade away (InfoWorld)

The Top 12 Scams of Christmas 2012: New Threats Hitting Mobile, Email and the Web (IT Business Edge)

Petraeus Mission Impossible: Cloaking Email, Online Identities (InformationWeek)

Game consoles to hit new pricing lows on Black Friday (Ars Technica)

It’s Official: You’ll Have More Technology to Manage in 2013 (Spiceworks blog)

This week’s apropos of nothing is particularly apropos of nothing – instead of keeping with the aforementioned Thanksgiving theme, here’s a picture of a baby bear climbing a tree… AWWW!

You can read our previous links round-ups here. And be sure to visit go.vmware.com for more information on how we can help you better manage your IT infrastructure.

Want to learn more about VMware Go Pro? Click here.

Better yet, you can try it for yourself here – and it’s free!

This Week in Patching – 11/16/2012

By: Jason Miller, Manager, Research and Development

This week in patching was highlighted by Microsoft’s Patch Tuesday.  Microsoft released six new security bulletins addressing 13 vulnerabilities.  I have a full write up on Patch Tuesday here.

On the non-Microsoft front, I did not see any security updates released.  However, there were a few non-security updates released that you may want to get installed to fix various issues.

On Monday, two vendors released updates for their programs to fix crashing issues.  Notepad++ 6.2.1  and Filezilla 3.6.0 are non-security updates fixing crash issues.

On Tuesday, an update for AT&T Global Network Client was released with version 9.1.0.  The release notes have not been updated yet.  Without a published update, I am under the assumption at this point that the release is a non-security update.

VMware also released updates for MozyHome and MozyPro with version 2.18.0.227.  These updates are non-security updates fixing numerous issues and introducing new features.

On Thursday, Microsoft released a new version of Skype with version 6.0.0.126.  The highlight of this non-security update is a fix that addresses issues when upgrading to the latest version of Skype.

Due to the holiday week next week, I will not have a weekly write up for the week in patching next Friday.  I will provide an update in patching for the holiday week the following Monday.

Happy Patching!

– Jason

P.S. Want to learn more about VMware Go Pro? Click here. Also, check out  a 30-day free trial of VMware Go Pro!

VMware Go Pro – Now with Migration Features!

Heads up – VMware Go Pro has a cool new feature as of today!

What’s new?

VMware Go Pro now has a migration feature. What does that mean for you, you may ask? You can now easily and seamlessly move virtual machines from one hypervisor or server to another, and shift it back again as needed.

All IT admins have had to deal with a faulty server at one point or another—and they likely know what a painful process migration can be. VMware Go Pro’s new migration feature takes the pain out of this process and allows you to smoothly manage the migration process.

And one more thing…

As if migration functionality wasn’t enough, VMware Go Pro now supports Windows 8 and Windows 2012 as well! This means that, among other things, you can now access VMware Go Pro and manage your IT assets from Internet Explorer 10 (assuming you’re not a Chrome of Firefox user, that is…) and better manage patching updates for Microsoft assets.

VMware Go Pro helps you better manage your IT assets and patching updates (including third-party apps) from a simple web-based interface—what’s not to love?

Want to learn more about VMware Go Pro? Click here.

Ready to try it out for yourself? Register here for a free trial!

Weekly Links – November 12, 2012

Happy Veterans Day – hope that at least some of you out there have the day off! More importantly, though, we want to take a moment to thank all of the veterans out there. We appreciate all of the hard work and sacrifice you’ve put in for your country.

Now, on to this week’s links:

85th level Orc Rogue wins election (ZDNet)

The advantages of IT on a shoestring budget (InfoWorld)

IT’s Future: Less Building, More Bundling (InformationWeek)

Twitter Issues Apology After Password Debacle (eWEEK)

CIA Director’s affair caught by FBI e-mail monitoring (Ars Technica)

For this week’s apropos of nothing image, we present you with a pearl of wisdom from one of the great scholars of our time:

You can read our previous links round-ups here. And be sure to visit go.vmware.com for more information on how we can help you better manage your IT infrastructure.

Want to learn more about VMware Go Pro? Click here.

Better yet, you can try it for yourself here – and it’s free!

This Week in Patching – 11/9/2012

By: Jason Miller, Manager, Research and Development

It has been a busy week for patch releases.  Here is a quick recap of the happenings in patch management.

Tuesday

Adobe released a new security bulletin for Adobe Flash Player and Adobe Air.  APSB12-24 addresses seven vulnerabilities and the following versions address these issues:

  • Adobe Flash Player 11.5.502.110
  • Adobe Flash Player 10.3.183.43
  • Adobe Air 3.4.0.600

It is important to note that the vulnerabilities also affect the Adobe Flash Player 10 product line as well.  In the ‘Priority and Ratings,’ ‘Affected Software Versions,’ and ‘ Summary’ on the Adobe security bulletin page do not list Adobe Flash Player 10 as an affected product.  The CVE filed on behalf of the vulnerabilities state that Adobe Flash Player 10 is indeed affected by the vulnerabilities.  In addition, the Adobe Security Bulletin page has Adobe Flash Player 10 affected in the ‘Solution’ area.

With the Adobe Flash Player release, I also saw a coordinated release effort from Google and Microsoft to address vulnerable Adobe Flash Player programs embedded in their browsers.  Google Chrome / Chrome Frame version 23.0.1271.64 fixes 14 vulnerabilities and includes the latest version of the Adobe Flash Player.  This new version of the Google browser includes a new ‘Do Not Track’ feature that sends a request to a website asking it to not track information.  On the Microsoft side, Microsoft Security Advisory 2755801 was updated to include the latest version of Adobe Flash Player for Microsoft Internet Explorer 10.

Opera also released a new version of their browser for the first time since June of this year.  Opera 12.10 addresses six vulnerabilities.  In the release notes, you will need to scroll down to the beta section to see that this release actually fixed security vulnerabilities.  They are noted in the beta section for version 12.10.

Wednesday

HP released their first update since June of this year for their System Management Homepage product.  HP System Management Homepage 7.1.2 appears to be a security update and is rated as “Recommended” from HP.    The release notes for this newer version states “Improved security features.”  Vulnerability information for HP System Management Homepage releases typically take a few weeks after the product release, so I will be watching the national vulnerability database for more information.

Thursday

Apple joined the busy patching week with a new release of Apple QuickTime.  Apple QuickTime 7.7.3 is a security update addressing nine vulnerabilities. One of the vulnerabilities fixed with this release is remarkably from 2011 (CVE-2011-1374).

Friday

AOL Instant Messenger 1.2.0.2 has been released to the mainstream.  This product typically does not have release notes associated with each version.  I will be waiting to see if a CVE is released that would mark this release as a security bulletin.

Other News

Next Tuesday marks the November 2012 edition of Patch Tuesday.  Microsoft is set to release six bulletins addressing 13 vulnerabilities.  This Patch Tuesday will be highlighted by the first security bulletin releases for the new Microsoft Windows 8 and Server 2012 operating systems.

There are reports of a Zero-day vulnerability in Adobe Reader.  No confirmation or information has been released yet by Adobe.  There is a chance that Adobe could be releasing an update for Adobe Reader on Patch Tuesday.

I will be back next Tuesday to talk in detail on all of the activities for the November 2012 Patch Tuesday.

Happy Patching!

– Jason Miller

P.S. Also, check out  a 30-day free trial of VMware Go Pro!

Weekly Links – November 5, 2012

Happy Monday to all you IT admins out there! Here’s to hoping that everybody had a good weekend—and that things are starting to get back to normal for those of you in the Northeast United States.

Here are your weekly links:

The geek skills challenge: 10 talents worth mastering (InfoWorld)

5 Ways To Survive The Coming IT Apocalypse (InformationWeek)

The Next Big Thing in BYOD, Continued (IT Business Edge)

IT sector rebounds, gains 12,500 jobs in October (ITWorld)

PayPal, Symantec hacked as Anonymous begins November 5 hacking spree (ZDNet)

This week’s apropos of nothing is nothing more than a shameless pun – we’re suckers for shameless puns:

You can read our previous links round-ups here. And be sure to visit go.vmware.com for more information on how we can help you better manage your IT infrastructure.

Better yet, you can try it for yourself here – and it’s free!