Home > Blogs > VMware Go Blog > Tag Archives: patch tuesday

Tag Archives: patch tuesday

This Week in Patching – 1/14/2013

By: Jason Miller, Manager of Research and Development at VMware

Happy New Year.  I hope IT administrators got some much needed patching rest over the past couple of weeks.  2013 is started out quite heavy in the world of patching.

This week was highlighted by a busy Patch Tuesday.  You can read my write up on the January 2013 edition of Patch Tuesday here.

There were also other vendors releasing critical security bulletins on Patch Tuesday.  Adobe released two security bulletins.  APSB13-02 was pre-announced last Thursday as a part of their quarterly update for Adobe Acrobat and Adobe Reader.  Adobe Acrobat / Reader versions 9.5.3 / 10.1.5 / 11.0.1 address 27 vulnerabilities and are rate Critical.  Adobe security bulletin APSB13-01 was not pre-announced by Adobe, but I expected this bulletin to be released after Microsoft announced an update for Adobe Flash Player in Microsoft Internet Explorer 10 last Thursday was set to be released on Patch Tuesday.  APSB13-01 addresses 1 vulnerability in Adobe Flash Player versions 10 and 11 (as well as Adobe Air 3.5).

Mozilla also released security updates to coincide with Microsoft’s Patch Tuesday.  The most notable of the releases by Mozilla was the major update for Firefox.  Mozilla Firefox 18 contains new features as well as security updates.  For those organizations that do not want to roll out new features in their Mozilla products due to concerns of the new features breaking functionality, Mozilla is continuing their effort with the Mozilla ESR products.  These product updates contain new security fixes but do not contain new features.

Here is the details list of Mozilla updates released on Patch Tuesday:

  • Mozilla Firefox 18
    • Security update addressing 12 Critical, 8 High and 1 Moderate Mozilla Security Advisories (30 vulnerabilities)
  • Mozilla SeaMonkey 2.15
    • Security update addressing 12 Critical, 7 High and 1 Moderate Mozilla Security Advisories (26 vulnerabilities)

The other notable updates this week were released on Thursday.  Google updated their Chrome and Chrome Frame browser with version 24.0.1312.52.  This new version fixes 24 vulnerabilities and includes an updated version of Adobe Flash Player that was released by Adobe on Patch Tuesday.  In the past year, Google has been in sync with Adobe on Adobe Flash Player releases.  Interestingly, Google’s release came two days after the Adobe Flash Player release.

There were also some non-security updates released on Thursday.  MozyHome and MozyPro updated their programs with version 2.18.2.244.  Microsoft released a new version of Skype with 6.1.0.129.  This version now integrates with Microsoft Office Outlook contact.

Happy Patching!

– Jason Miller

Interested in a free 30 day trial of VMware Go Pro for patch management, IT management, virtualization and more? Click here.

 

This Week in Patching – 1/7/2013

By: Jason Miller, Manager of Research and Development at VMware

Patching came to a quiet end in 2012 and 2013 is starting off with a bang.  Here is a quick recap of the happenings in patch management this week:

On Wednesday, a new version of CDBurnerXP was released with version 4.5.0.3717.  This new version is a non-security update.  On Friday, Google released a non-security update for their Picasa program with version 3.9.136.120.

Microsoft announced their January 2013 Patch Tuesday Advance Notification.  You can read my write up here on the upcoming Patch Tuesday.  In addition to the seven Microsoft security bulletins being released next Tuesday, there are quite a few non-Microsoft patches being released on Patch Tuesday.

Adobe announced they will be releasing updates for their Adobe Reader and Adobe Acrobat programs (versions 9/10/11).  These updates are rated as critical and are part of their quarterly update for Adobe Acrobat and Reader.

In addition, Mozilla is lining up to release updates as well for their products.  You can expect updates for their Mozilla Firefox, Firefox ESR, Thunderbird, Thunderbird ESR and SeaMonkey products.

On Microsoft’s preannouncement page for upcoming non-security updates, they have listed Adobe Flash Player for Internet Explorer 10.  With this in mind, expect updates from Adobe for Adobe Flash Player and Google Chrome on Patch Tuesday.  With every Adobe Flash Player release, Microsoft and Google update their browsers to supply the latest version of the Flash Player program.

On the Microsoft Security Advisory front, Microsoft released a new security advisory on Thursday.  Microsoft Security Advisory 2798897 addresses issues with fraudulent digital certificates.  This security advisory places the offending certificates in the untrusted certificate store on systems.  In June 2012, Microsoft released a tool that will run on systems and quickly moves revoked certificates to the untrusted certificate stores.  This tool aids administrators that want an easy and quick way to update certificate issues Microsoft finds.  This tool can be downloaded here.  For those that do not want to use the tool, Microsoft has provided patches for this certificate issue that can be applied to systems.

Until Patch Tuesday, Happy Patching!

– Jason Miller

Interested in a free 30 day trial of VMware Go Pro for patch management, IT management, virtualization and more? Click here.

Weekly Links – January 4, 2013

Another year has come and gone – here’s to a great 2013 for all of the readers of this blog!

Things we want to see in 2013:

  • More SMBs virtualizing their infrastructure, of course!
  • A follow up to this movie
  • The permanent inclusion of the McRib on McDonalds’ menu
  • A more pragmatic, less interventionist approach from incoming Secretary of State John Kerry

Things that we don’t want to see in 2013:

  • Clunky, on-premise IT management software
  • A follow-up to this song
  • Ben Stiller. Time to give things a rest, pal…
  • A global pandemic (best not to let our guard down even after surviving 12/21/12)

Enough ballyhooing, on to your links!

Amazon’s EC2 Outage: A Closer Look (InformationWeek)

A Lighter Look at Life in IT (IT Business Edge)

Chinese Dad Hires Virtual Assassins to Harass Game-Obsessed Son (The Next Web)

Why Windows To Go is perfect for BYOD (ITWorld)

Steve Jobs biopic hits theatres in April. Will you see it? (Ars Technica)

This week’s apropos of nothing image serves as a stark reminder as to why you should never work at a hospital in Alaska or northern Canada.

You can read our previous links round-ups here. Interested in a free 30 day trial of VMware Go Pro for patch management, IT management, virtualization and more? Click here.

 

 

Happy Holidays, From Andy the Angry IT Guy

By: Andy the Angry IT Guy

Editor’s note: This is the thirteenth in a series of posts we’ll be running from “Andy,” an anonymous IT administrator working for a mid-sized organization located somewhere in the American Midwest. Today, Andy flexes his creative muscles and shares his experience dealing with a server going offline earlier this week – shamelessly set to the tune of an old Christmas standard…

Twas the week before Christmas, when our main server went down

“This is really going to suck,” I said, sporting a great frown

I went to the server room, to check the root cause

Feeling my colleagues’ wrath as I walked past – it was unceasing, without pause

 

I was nearly to my destination, when who should jump out?

 But Jack, the new sales guy — an insufferable lout

 “Hey Andy,” he sneered, his voice dripping with scorn

 “Why’d our computers all break? What, were you watching porn?”

 

 “Why are you even here? Shouldn’t you be bro-fisting and pounding Jaegermeister all day?”

 … Would’ve been a great counter-insult; it’s what I wanted to say

 Instead I just shrugged, and brushed right on by

 To the data center I went, to have a private cry (It’s not easy, after all, being the IT guy!)

 

As I wiped at my eyes, I surveyed the scene

It looked bad, really bad… a long night loomed ahead, filled with lots of caffeine

The server was fried; the router was shot

I thought about just quitting right then and there, leaving that stupid server to rot

 

Exchange was on there, so were Adobe and SQL

Without these apps running, there would be lots of angry people

It was amidst this despair that I suddenly proclaimed, “Whoa!”

“I can just migrate these VMs with VMware Go!”

 

My problem was soon solved, with laughable ease

Setting up a new VM and migrating the apps was a total breeze

The process took minutes – not an hour, not a week

My holiday was saved, I was too happy to speak

 

Now, you may be wondering, did my colleagues express gratitude?

Of course they didn’t! Like always, they were aloof and quite rude

But I couldn’t have cared less, that’s right I said it

I can now spend Christmas week at home, with Xbox and Reddit

 

With that, I’ll sign off and wish you all farewell

As I finish this lament about the job from hell

Happy holidays to all of you, from Palo Alto to Prague

And please do keep reading my rants on this blog!

 

See you all in 2013!

 

Learn More About VMware Go Pro Today!

VMware Go Pro can help you seamlessly begin your virtualization journey, and has the industry-leading patch management platform. Click here to get started today!

This Week in Patching – 12/21/2012

By: Jason Miller, Manager of Research and Development at VMware

Here is a quick recap in the world of patch management.  This week was highlighted by security updates for RealPlayer and Opera.

Late last Friday, Real Networks released an update for the RealPlayer media player.  RealPlayer 16.0.0.282 is a security update addressing two vulnerabilities.

On Saturday, a new version of VLC Media player was made available.  VLC 2.0.5 is a non-security that now includes support for Microsoft Windows 8.

On Sunday, we saw two new patch releases.  CDBurnerXP 4.5.0.3685 and Notepad++ 6.2.3 are non-security updates.

On Monday, new updates were made available for the Mozy software backup program.  MozyHome / MozyPro 2.18.1.235 are both non-security updates.

On Tuesday, Opera released a new version of their Internet browser.  Opera 12.12 is a security update addressing two vulnerabilities on Windows that could lead to Remote Code Execution if exploited.

Happy Patching!

– Jason Miller

P.S. Click here to learn more about how VMware Go Pro can help you better manage your IT infrastructure.

Weekly Links – December 17, 2012

Happy “Most-of-Us-Won’t-Be-Working-Next-Monday” day, everybody! Seriously, though, it’s hard to believe that we’re just over a week from Christmas (and Channakuh is already upon us!).

Have you finished your holiday shopping yet? Started it, even? Yeah, us neither. Here’s to battling the riotous, crazed last-minute crowds at Macy’s this week. It will all be over soon enough.

FYI, we will be on hiatus next week – see everybody back here in 2013. In the meantime, happy holidays!

Your weekly links:

Six Ways IT Still Fails Business (InformationWeek)

The 2012 InfoWorld geek IQ test (InfoWorld)

Developer warns of critical vulnerability in many Samsung smart phones (Ars Technica)

Research: Agile developers rule the roost, experience trumps toolsets (GigaOM)

Google Maps for iOS Was Downloaded Over 10 Million Times in Its First 48 Hours After Launch (TechCrunch)

This week’s apropos of nothing image is dedicated to all of you who, at some point in life or another, have had to endure the dreaded “awkward family holiday photo.” Hang in there, at least you’re not these people (and if you are in fact this people: Godspeed).

You can read our previous links round-ups here. And be sure to visit us here for more information on how we can help you better manage your IT infrastructure.

 

 

This Week in Patching – 12/14/2012

By: Jason Miller, Manager of Research and Development at VMware

This week in patching was highlighted by Microsoft’s December 2012 Patch Tuesday.  Microsoft released seven security bulletins addressing 12 vulnerabilities.  You can read my full write up on Patch Tuesday here.

On the non-Microsoft front, Adobe released an update for their Adobe Flash Player and Air products.  Adobe Security Bulletin APSB12-27 addresses three vulnerabilities as is rated as Critical.  Adobe has started the trend of releasing security updates for Flash Player on Microsoft’s Patch Tuesday.  This trend will probably continue as Microsoft and Google both bundle Adobe Flash Player in their latest browsers.

On that note, Microsoft released an update for their security advisory (KB2755801) to include the latest version of Adobe Flash for Internet Explorer 10.  Google released an update on Patch Tuesday for their Chrome browser.  Google Chrome 23.0.1271.97 contains the latest version of Adobe Flash Player as well as addressing six Google Chrome vulnerabilities.

To wrap up Patch Tuesday, Apache released a new version of Tomcat for Windows with version 7.0.34.  This latest version of Tomcat is a non-security update.

On Thursday, Oracle provided updates for Java version 6 and 7.  Java 6 update 38 and Java 7 update 10 are non-security releases.  The next scheduled security update for Oracle Java is planned for February 19, 2013.  It is important to note that the next scheduled security update will be the last time Java version 6 will receive a security update.  At that time, Oracle will continue to provide security updates for Java version 7.  In the next few months, administrators should look at testing the upgrade for Java version 6 to version 7.  Java can be quite tricky to upgrade.  There are occasions where older software programs that rely on Java simply will not work with the latest version.  By June 18, 2013, administrators should be upgraded to Java 7.  That date will be the next scheduled security update after Java 6 has reached end of life for support.

On Friday, Apple provided updates for their iTunes product with version 11.01.  This update addresses non-security issues with their recent major upgrade in version 11.

Typically, the last two weeks of the year are very quiet for vendors releasing patches for their software.  If any vendor does release updates, I will be back next Friday with an update on the happenings in patch management.  If not, I will be getting a head start on ringing in the New Year.

Happy Patching and Happy Holidays!

– Jason Miller

Click here to learn more about how VMware Go Pro can help you better manage your IT infrastructure.

 

 

Simplify Your IT Management with VMware Go Pro (Webinar)

Attention IT admins! Have you been looking for a cost-effective way to implement virtualization? Look no further; VMware Go Pro is here to help!

Join us for a webinar that will demonstrate how easy it is to deploy VMware vSphere and manage both your virtual and physical infrastructures with VMware Go Pro.

WHEN: Thursday, December 13 at 8:00 AM PT / 11:00 AM ET

WHERE: Register here

WHO: Chris Barron and Fabio Ramos of VMware

Any questions? Leave a comment and we’ll get back to you ASAP.

Hope to see you Thursday!

Click here to learn more about how VMware Go Pro can help you better manage your IT infrastructure.

Weekly Links – December 10, 2012

Another day, another dollar… Here’s to another week of the daily grind. Looking for a silver lining? We’re only 11 days from the apocalypse, if you trust the “end of days” crowd, that is (no folks, the Mayans did NOT predict the end of the world on December 21, 2012).

Which sounds better to you: another 20-30 years of managing trouble tickets for clueless colleagues, or floating in purgatory for the rest of eternity (it’s a trick question… they’re one in the same!).

Your weekly links:

Your key technology decisions for 2013 (InfoWorld)

Google Apps No Longer Free For Businesses (InformationWeek)

Worst security snafus of 2012 (ITWorld)

Online job boards don’t work – how big data can fix the problem (GigaOM)

Everyone gets new Twitter pages December 12 (The Next Web)

Now, on to this week’s apropos of nothing images… It’s a bird! It’s a plane! It’s—oh wait, it is a plane! Cool shot all the same.

Who can tell us what city they’re flying over here?

You can read our previous links round-ups here. And be sure to visit us here for more information on how we can help you better manage your IT infrastructure.

 

Pssst… Looking for the Perfect Gift for Your IT Person This Year? Look No Further Than VMware Go Pro!

By Andy the Angry IT Guy

It’s clear that, once again, the holiday season is upon us.

Why is that, you’re asking? Am I delirious with the spirit of the season, hanging tinsel and mistletoe around my cubicle, organizing company caroling sessions and baking festive snickerdoodle cookies for the entire office?

Of course not! Bah humbug! (Come on… were you expecting anything less from your favorite angry IT guy).

No, I know that the holiday season is approaching because rabid sales executives keep accosting me to make sure their database stays up and running as they close quarter-end deals (it does, as usual…), the HR person keeps complaining to me about Outlook calendars not synching up for people’s PTO requests (you have to click “accept”) and our psychotic marketing director nearly compromised our entire network after clicking an email with a subject line of “Cute baby triplets sing ‘Jingle Bells’ while kittens wrestle in the background” (it was a malicious virus).

Yep, people get pretty irrational around the holidays.  Luckily for me, I know have VMware Go Pro – which definitely helps me deal with the crazy here to a certain degree. I may even go so far as to say I’m “thankful” for VMware Go Pro—truth be told, it’s the best thing to happen to me this year (after my endless flirtations with Liz from Accounting and the long-awaited release of Diablo 3, that is).

VMware Go Pro has allowed me to get our virtualization project up and running with minimal headaches, and has also allowed me to ensure that the company’s infrastructure is secure and appropriately patched (which really comes in handy when your brainiac colleague inadvertently looses a Trojan onto your network).

With that in mind, I offer this gift to you, dear readers: for the rest of today, VMware is running a serious discount on VMware Go Pro in the eStore. In fact, VMware is running a series of promotions in honor of Cyber Monday in the eStore all week (including 20% savings on an annual license for VMware Go Pro).

Trust me when I say, you do not want to miss out on this. If there’s an IT person in your life, get them this gift and know that they will be forever grateful. Really, the only thing better that I can think of is a Star Trek: Next Generation reunion – which sadly won’t be happening anytime soon.

In the meantime, there’s VMware Go Pro! Check it out here – http://store.vmware.com/promo/91614000

Want to learn more about VMware Go Pro? Click here.