Home > Blogs > VMware Go Blog > Tag Archives: patch management

Tag Archives: patch management

Weekly Links – November 19, 2012

Happy Thanksgiving week! We imagine those of you in the U.S. are all looking forward to stuffing yourselves with turkey and stuffing at Aunt Millie’s this coming Thursday—just remember to save room for the pumpkin cheesecake this time!

Here’s to a shortened work week; hopefully the holiday season has your usually unforgiving colleagues in a more thankful mood these days (yeah, we didn’t think so, either…).

Enough gobbling on our part, though – on to this week’s links:

IT at the crossroads: Lead or fade away (InfoWorld)

The Top 12 Scams of Christmas 2012: New Threats Hitting Mobile, Email and the Web (IT Business Edge)

Petraeus Mission Impossible: Cloaking Email, Online Identities (InformationWeek)

Game consoles to hit new pricing lows on Black Friday (Ars Technica)

It’s Official: You’ll Have More Technology to Manage in 2013 (Spiceworks blog)

This week’s apropos of nothing is particularly apropos of nothing – instead of keeping with the aforementioned Thanksgiving theme, here’s a picture of a baby bear climbing a tree… AWWW!

You can read our previous links round-ups here. And be sure to visit go.vmware.com for more information on how we can help you better manage your IT infrastructure.

Want to learn more about VMware Go Pro? Click here.

Better yet, you can try it for yourself here – and it’s free!

This Week in Patching – 11/16/2012

By: Jason Miller, Manager, Research and Development

This week in patching was highlighted by Microsoft’s Patch Tuesday.  Microsoft released six new security bulletins addressing 13 vulnerabilities.  I have a full write up on Patch Tuesday here.

On the non-Microsoft front, I did not see any security updates released.  However, there were a few non-security updates released that you may want to get installed to fix various issues.

On Monday, two vendors released updates for their programs to fix crashing issues.  Notepad++ 6.2.1  and Filezilla 3.6.0 are non-security updates fixing crash issues.

On Tuesday, an update for AT&T Global Network Client was released with version 9.1.0.  The release notes have not been updated yet.  Without a published update, I am under the assumption at this point that the release is a non-security update.

VMware also released updates for MozyHome and MozyPro with version 2.18.0.227.  These updates are non-security updates fixing numerous issues and introducing new features.

On Thursday, Microsoft released a new version of Skype with version 6.0.0.126.  The highlight of this non-security update is a fix that addresses issues when upgrading to the latest version of Skype.

Due to the holiday week next week, I will not have a weekly write up for the week in patching next Friday.  I will provide an update in patching for the holiday week the following Monday.

Happy Patching!

– Jason

P.S. Want to learn more about VMware Go Pro? Click here. Also, check out  a 30-day free trial of VMware Go Pro!

VMware Go Pro – Now with Migration Features!

Heads up – VMware Go Pro has a cool new feature as of today!

What’s new?

VMware Go Pro now has a migration feature. What does that mean for you, you may ask? You can now easily and seamlessly move virtual machines from one hypervisor or server to another, and shift it back again as needed.

All IT admins have had to deal with a faulty server at one point or another—and they likely know what a painful process migration can be. VMware Go Pro’s new migration feature takes the pain out of this process and allows you to smoothly manage the migration process.

And one more thing…

As if migration functionality wasn’t enough, VMware Go Pro now supports Windows 8 and Windows 2012 as well! This means that, among other things, you can now access VMware Go Pro and manage your IT assets from Internet Explorer 10 (assuming you’re not a Chrome of Firefox user, that is…) and better manage patching updates for Microsoft assets.

VMware Go Pro helps you better manage your IT assets and patching updates (including third-party apps) from a simple web-based interface—what’s not to love?

Want to learn more about VMware Go Pro? Click here.

Ready to try it out for yourself? Register here for a free trial!

Weekly Links – November 12, 2012

Happy Veterans Day – hope that at least some of you out there have the day off! More importantly, though, we want to take a moment to thank all of the veterans out there. We appreciate all of the hard work and sacrifice you’ve put in for your country.

Now, on to this week’s links:

85th level Orc Rogue wins election (ZDNet)

The advantages of IT on a shoestring budget (InfoWorld)

IT’s Future: Less Building, More Bundling (InformationWeek)

Twitter Issues Apology After Password Debacle (eWEEK)

CIA Director’s affair caught by FBI e-mail monitoring (Ars Technica)

For this week’s apropos of nothing image, we present you with a pearl of wisdom from one of the great scholars of our time:

You can read our previous links round-ups here. And be sure to visit go.vmware.com for more information on how we can help you better manage your IT infrastructure.

Want to learn more about VMware Go Pro? Click here.

Better yet, you can try it for yourself here – and it’s free!

This Week in Patching – 11/9/2012

By: Jason Miller, Manager, Research and Development

It has been a busy week for patch releases.  Here is a quick recap of the happenings in patch management.

Tuesday

Adobe released a new security bulletin for Adobe Flash Player and Adobe Air.  APSB12-24 addresses seven vulnerabilities and the following versions address these issues:

  • Adobe Flash Player 11.5.502.110
  • Adobe Flash Player 10.3.183.43
  • Adobe Air 3.4.0.600

It is important to note that the vulnerabilities also affect the Adobe Flash Player 10 product line as well.  In the ‘Priority and Ratings,’ ‘Affected Software Versions,’ and ‘ Summary’ on the Adobe security bulletin page do not list Adobe Flash Player 10 as an affected product.  The CVE filed on behalf of the vulnerabilities state that Adobe Flash Player 10 is indeed affected by the vulnerabilities.  In addition, the Adobe Security Bulletin page has Adobe Flash Player 10 affected in the ‘Solution’ area.

With the Adobe Flash Player release, I also saw a coordinated release effort from Google and Microsoft to address vulnerable Adobe Flash Player programs embedded in their browsers.  Google Chrome / Chrome Frame version 23.0.1271.64 fixes 14 vulnerabilities and includes the latest version of the Adobe Flash Player.  This new version of the Google browser includes a new ‘Do Not Track’ feature that sends a request to a website asking it to not track information.  On the Microsoft side, Microsoft Security Advisory 2755801 was updated to include the latest version of Adobe Flash Player for Microsoft Internet Explorer 10.

Opera also released a new version of their browser for the first time since June of this year.  Opera 12.10 addresses six vulnerabilities.  In the release notes, you will need to scroll down to the beta section to see that this release actually fixed security vulnerabilities.  They are noted in the beta section for version 12.10.

Wednesday

HP released their first update since June of this year for their System Management Homepage product.  HP System Management Homepage 7.1.2 appears to be a security update and is rated as “Recommended” from HP.    The release notes for this newer version states “Improved security features.”  Vulnerability information for HP System Management Homepage releases typically take a few weeks after the product release, so I will be watching the national vulnerability database for more information.

Thursday

Apple joined the busy patching week with a new release of Apple QuickTime.  Apple QuickTime 7.7.3 is a security update addressing nine vulnerabilities. One of the vulnerabilities fixed with this release is remarkably from 2011 (CVE-2011-1374).

Friday

AOL Instant Messenger 1.2.0.2 has been released to the mainstream.  This product typically does not have release notes associated with each version.  I will be waiting to see if a CVE is released that would mark this release as a security bulletin.

Other News

Next Tuesday marks the November 2012 edition of Patch Tuesday.  Microsoft is set to release six bulletins addressing 13 vulnerabilities.  This Patch Tuesday will be highlighted by the first security bulletin releases for the new Microsoft Windows 8 and Server 2012 operating systems.

There are reports of a Zero-day vulnerability in Adobe Reader.  No confirmation or information has been released yet by Adobe.  There is a chance that Adobe could be releasing an update for Adobe Reader on Patch Tuesday.

I will be back next Tuesday to talk in detail on all of the activities for the November 2012 Patch Tuesday.

Happy Patching!

– Jason Miller

P.S. Also, check out  a 30-day free trial of VMware Go Pro!

Weekly Links – November 5, 2012

Happy Monday to all you IT admins out there! Here’s to hoping that everybody had a good weekend—and that things are starting to get back to normal for those of you in the Northeast United States.

Here are your weekly links:

The geek skills challenge: 10 talents worth mastering (InfoWorld)

5 Ways To Survive The Coming IT Apocalypse (InformationWeek)

The Next Big Thing in BYOD, Continued (IT Business Edge)

IT sector rebounds, gains 12,500 jobs in October (ITWorld)

PayPal, Symantec hacked as Anonymous begins November 5 hacking spree (ZDNet)

This week’s apropos of nothing is nothing more than a shameless pun – we’re suckers for shameless puns:

You can read our previous links round-ups here. And be sure to visit go.vmware.com for more information on how we can help you better manage your IT infrastructure.

Better yet, you can try it for yourself here – and it’s free!

Weekly Links – October 29, 2012

Mondays! I hate Mondays! They make me so steamed!

Weekends! Talkin’ ‘bout the weekend!

Oh, oh, oh, oh, oh, oh, oh!

We’ll offer a free trial of VMware Go Pro to anybody who can tell us where those lyrics came from.

As you may have noticed, we’ve switched things up here and are now posting your weekly links on Mondays, instead of Fridays. Why? We figured you needed this little ray of hope to get you over the initial hump of another arduous week.

That, plus the fact that our friend Jason Miller is now posting his weekly patch management news updates in this space on Fridays. If you haven’t checked out his first “This Week in Patching” post yet, we highly recommend doing so—and checking back for new posts from Jason every Friday from here on out.

And with that, here are this week’s links:

Why admins should know how to code (InfoWorld)

Gartner’s Top 10 IT Trends: Hits and Misses (InformationWeek)

Save the world with tech? It’s getting easier all the time (GigaOM)

The Security Reality of Road Warriors (Wired)

5 dysfunctional IT relationships – and how to repair them (Computerworld)

In keeping with the major theme of this week – Halloween – we decided to spotlight one of the best costumes we’ve seen out there on the interwebs (read: Reddit) thus far. You can never go wrong with a Monty Python-inspired costume as far as we’re concerned:

You can read our previous links round-ups here. And be sure to visit go.vmware.com for more information on how we can help you better manage your IT infrastructure.

Better yet, you can try it for yourself here – and it’s free!

This Week in Patching – 10/19/2012

By: Jason Miller, Manager, Research and Development

It is that time for a weekly recap of the happenings of patch management.

This week was highlighted by a critical security update from Oracle.  Oracle released updates for their Java programs with Java 7 update 9 and Java 6 update 37 during their quarterly update.  These updates address 28 vulnerabilities.  Some of the vulnerabilities addressed by this update were zero-day vulnerabilities.  With any patch addressing zero-day vulnerabilities, administrators will want to patch as soon as possible.  Apple also released an update for the newer version of Java.  This update release coincided with Oracle’s Java release.  The next scheduled update for Java is set for February 19, 2013.

On Wednesday, Adobe released new versions for their Adobe Acrobat and Reader product lines.  Adobe Acrobat / Reader 11 (or XI) does not contain any security fixes from the version 9 or 10 product lines.

On Thursday, VideoLAN released a new version for their VLC media player.  The release notes for VLC media player 2.0.4 state there are fixes for “security issues” but no CVE has been submitted for this version.

The Document Foundation released a new version of their LibreOffice product that prompted some confusion.  The release version for LibreOffice has steadily been increasing on a normal cadence.  LibreOffice 3.4.x was followed by 3.5.x.  On August 15th, LibreOffice had a new major version with 3.6.x and has since been followed up by minor version increases (3.6.1, 3.6.2).  Yesterday, LibreOffice 3.5.7 was released.  This version number is lower than the 3.6.x branch and has confused people.  From a LibreOffice blog posting, they have stated that the 3.5.x branch will continue to receive updates as will the 3.6.x branch.  The 3.5.x branch is intended to be a stable branch where the 3.6.x introduces new features to the LibreOffice program.  LibreOffice 3.5.7 (released yesterday) and LibreOffice 3.6.2 (released on October 4) both do not contain any security fixes.

Happy Patching!

– Jason Miller

Oh, and here’s a free 30 day trial of VMware Go Pro, just in case you need some help patching.

vSphere Essentials + VMware Go Pro = Worry-Free IT Management for SMBs

In its early days, virtualization was seen as a luxury for IT departments. Sure, it would save you considerable money on hardware and utility costs and improve overall performance for your IT infrastructure—but there was also a significant upfront cost and technical training required to get it up and running. At that point, it was essentially limited to the IT 1%-ers (come on, it’s election season – grant us that one terrible analogy…).

After a while, virtualization evolved from a nice-to-have to a need-to-have; nearly every single Fortune 500 company, for example, had virtualized most or all of their infrastructure by the early 2010s. At this point, virtualization has emerged as a best practice in IT and nearly every single medium-to-large organization has gotten on board with it.

It’s just now, though, that many smaller and mid-sized organizations are beginning to embrace virtualization. As the market has evolved, the barrier to entry has dropped and cost-conscious SMBs are beginning to realize the potential of virtualization.

With that said, we realize that every dollar counts—and getting started with virtualization wasn’t always the easiest option in the past. With that in mind, we’ve made it even easier for SMBs to get started with virtualization: from now until December 15, VMware Go Pro will be bundled with vSphere Essentials and vSphere Essentials Plus.

That means that you can get use VMware Go Pro to greatly simplify and streamline your vSphere installation.  And Go Pro provides industry-leading patch management at no additional charge when you purchase vSphere. So what are you waiting for, sign up today!

Not convinced yet? Try a 30-day free trial of VMware Go Pro for free – no questions asked!

Weekly Links – October 12, 2012

Good afternoon to our favorite IT admins! Any fun plans in store for this weekend? Personally, we want to go see that Seven Psychopaths movie—how can you go wrong with Tom Waits, Christopher Walken and Sam Rockwell in the same movie?

Now for your weekly links:

Top 10 cloud jobs (InfoWorld)

Seven Reasons Why Companies Need to Automate Disaster Recovery (IT Business Edge)

BYOD: The New IT Management Headache (Network Computing)

10 technologies shaping the future of IT (IT World)

The IT Crowd (required viewing if you haven’t seen it yet) (Netflix)

This was too good to pass up – this week’s apropos of nothing image:

You can read our previous links round-ups here. And be sure to visit go.vmware.com for more information on how we can help you better manage your IT infrastructure.

Better yet, you can try it for yourself here – and it’s free!