Tag Archives: vulnerabilities

Weekly Links – January 4, 2013

Another year has come and gone – here’s to a great 2013 for all of the readers of this blog!

Things we want to see in 2013:

  • More SMBs virtualizing their infrastructure, of course!
  • A follow up to this movie
  • The permanent inclusion of the McRib on McDonalds’ menu
  • A more pragmatic, less interventionist approach from incoming Secretary of State John Kerry

Things that we don’t want to see in 2013:

  • Clunky, on-premise IT management software
  • A follow-up to this song
  • Ben Stiller. Time to give things a rest, pal…
  • A global pandemic (best not to let our guard down even after surviving 12/21/12)

Enough ballyhooing, on to your links!

Amazon’s EC2 Outage: A Closer Look (InformationWeek)

A Lighter Look at Life in IT (IT Business Edge)

Chinese Dad Hires Virtual Assassins to Harass Game-Obsessed Son (The Next Web)

Why Windows To Go is perfect for BYOD (ITWorld)

Steve Jobs biopic hits theatres in April. Will you see it? (Ars Technica)

This week’s apropos of nothing image serves as a stark reminder as to why you should never work at a hospital in Alaska or northern Canada.

You can read our previous links round-ups here. Interested in a free 30 day trial of VMware Go Pro for patch management, IT management, virtualization and more? Click here.

 

 

Hoboken Consulting Group Virtualizes with VMware Go Pro, Saves Time and Money with Streamlined IT Management

Today, we want to share an interesting customer use case. Hoboken Consulting Group (HCG), a New Jersey-based management consulting firm, recently used VMware Go Pro to virtualize their physical infrastructure – a process that saved them a considerable amount of money and allowed them to reduce their operating costs by over 80%.

They had previously been hampered by the cost and complexity of managing their physical infrastructure; as a smaller organization, they weren’t able to negotiate advantageous vendor terms with big tech companies (we won’t name names here…), nor did they have the requisite manpower needed to deploy and manage a physical infrastructure.

The Problem
Like many organizations in a similar position, they were interested in virtualizing their infrastructure to save time and money – but they lacked the necessary know-how – as well as a dedicated IT department – to do so quickly and efficiently.

In the meantime, HCG was struggling; they were losing bids to competitors. Just to gear up to submit a proposal, HCG often had to purchase and provision physical servers – incurring cost and risk with no guarantee of winning the bid. Proposals had to factor in the cost of business process management software, the needed hardware, and technicians to travel and install the solution. Because of these factors, HCG bids typically took a month to prepare, and came in at a relatively high cost.

“We just couldn’t compete with the big consulting firms,” said Marlon Edwards, an IT architect at HCG. “We were investing in hardware and in consultants’ time, but we’d lose the bid to faster and cheaper competitors. We struggled to stay in business.”

The Solution
HCG saw virtualization as a way to break free of the backbreaking costs that they were incurring as a result of their physical IT infrastructure. After evaluating a number of virtualization solutions, they identified VMware as the best fit for their environment. Included with their purchase of VMware vSphere was a free trial for VMware Go, which Edwards decided to test out.

Edwards enjoyed the ease with which he could operate VMware Go Pro and cited its virtualization onboarding and ensuing management process as extremely helpful in getting HCG’s virtualized infrastructure up and running—and doing so quickly. According to Edwards, virtualizing with VMware has allowed HCG to reduce customer costs up to 80 percent.

“VMware kept us in business,” said Edwards. “We don’t have to buy physical servers anymore. That’s the bottom line; that’s what made us competitive. You just log on to VMware Go Pro and spin up images based on a template. It’s all automated. This allows people to start businesses a lot cheaper and faster, with better resources.”

Learn More!
Want to learn about how VMware Go Pro can help start your virtualization journey and better manage patching? Click here for a free 30 day trial.

This Week in Patching – 12/21/2012

By: Jason Miller, Manager of Research and Development at VMware

Here is a quick recap in the world of patch management.  This week was highlighted by security updates for RealPlayer and Opera.

Late last Friday, Real Networks released an update for the RealPlayer media player.  RealPlayer 16.0.0.282 is a security update addressing two vulnerabilities.

On Saturday, a new version of VLC Media Player was made available. VLC 2.0.5 is a non-security update that now includes support for Microsoft Windows 8.

On Sunday, we saw two new patch releases.  CDBurnerXP 4.5.0.3685 and Notepad++ 6.2.3 are non-security updates.

On Monday, new updates were made available for the Mozy software backup program.  MozyHome / MozyPro 2.18.1.235 are both non-security updates.

On Tuesday, Opera released a new version of their Internet browser.  Opera 12.12 is a security update addressing two vulnerabilities on Windows that could lead to Remote Code Execution if exploited.

Happy Patching!

– Jason Miller

P.S. Click here to learn more about how VMware Go Pro can help you better manage your IT infrastructure.

This Week in Patching – 12/14/2012

By: Jason Miller, Manager of Research and Development at VMware

This week in patching was highlighted by Microsoft’s December 2012 Patch Tuesday.  Microsoft released seven security bulletins addressing 12 vulnerabilities.  You can read my full write up on Patch Tuesday here.

On the non-Microsoft front, Adobe released an update for their Adobe Flash Player and Air products. Adobe Security Bulletin APSB12-27 addresses three vulnerabilities and is rated as Critical. Adobe has started the trend of releasing security updates for Flash Player on Microsoft’s Patch Tuesday. This trend will probably continue as Microsoft and Google both bundle Adobe Flash Player in their latest browsers.

On that note, Microsoft released an update for their security advisory (KB2755801) to include the latest version of Adobe Flash for Internet Explorer 10.  Google released an update on Patch Tuesday for their Chrome browser.  Google Chrome 23.0.1271.97 contains the latest version of Adobe Flash Player as well as addressing six Google Chrome vulnerabilities.

To wrap up Patch Tuesday, Apache released a new version of Tomcat for Windows with version 7.0.34.  This latest version of Tomcat is a non-security update.

On Thursday, Oracle provided updates for Java version 6 and 7. Java 6 update 38 and Java 7 update 10 are non-security releases. The next scheduled security update for Oracle Java is planned for February 19, 2013. It is important to note that the next scheduled security update will be the last time Java version 6 will receive a security update. After that, Oracle will continue to provide security updates for Java version 7. In the next few months, administrators should look at testing the upgrade from Java version 6 to version 7. Java can be quite tricky to upgrade. There are occasions where older software programs that rely on Java simply will not work with the latest version. By June 18, 2013, administrators should have upgraded to Java 7. That date will be the next scheduled security update after Java 6 has reached end of life for support.

On Friday, Apple provided updates for their iTunes product with version 11.01.  This update addresses non-security issues with their recent major upgrade in version 11.

Typically, the last two weeks of the year are very quiet for vendors releasing patches for their software.  If any vendor does release updates, I will be back next Friday with an update on the happenings in patch management.  If not, I will be getting a head start on ringing in the New Year.

Happy Patching and Happy Holidays!

– Jason Miller

Click here to learn more about how VMware Go Pro can help you better manage your IT infrastructure.

 

 

Pssst… Looking for the Perfect Gift for Your IT Person This Year? Look No Further Than VMware Go Pro!

By Andy the Angry IT Guy

It’s clear that, once again, the holiday season is upon us.

Why is that, you’re asking? Am I delirious with the spirit of the season, hanging tinsel and mistletoe around my cubicle, organizing company caroling sessions and baking festive snickerdoodle cookies for the entire office?

Of course not! Bah humbug! (Come on… were you expecting anything less from your favorite angry IT guy).

No, I know that the holiday season is approaching because rabid sales executives keep accosting me to make sure their database stays up and running as they close quarter-end deals (it does, as usual…), the HR person keeps complaining to me about Outlook calendars not synching up for people’s PTO requests (you have to click “accept”) and our psychotic marketing director nearly compromised our entire network after clicking an email with a subject line of “Cute baby triplets sing ‘Jingle Bells’ while kittens wrestle in the background” (it was a malicious virus).

Yep, people get pretty irrational around the holidays. Luckily for me, I now have VMware Go Pro – which definitely helps me deal with the crazy here to a certain degree. I may even go so far as to say I’m “thankful” for VMware Go Pro—truth be told, it’s the best thing to happen to me this year (after my endless flirtations with Liz from Accounting and the long-awaited release of Diablo 3, that is).

VMware Go Pro has allowed me to get our virtualization project up and running with minimal headaches, and has also allowed me to ensure that the company’s infrastructure is secure and appropriately patched (which really comes in handy when your brainiac colleague inadvertently looses a Trojan onto your network).

With that in mind, I offer this gift to you, dear readers: for the rest of today, VMware is running a serious discount on VMware Go Pro in the eStore. In fact, VMware is running a series of promotions in honor of Cyber Monday in the eStore all week (including 20% savings on an annual license for VMware Go Pro).

Trust me when I say, you do not want to miss out on this. If there’s an IT person in your life, get them this gift and know that they will be forever grateful. Really, the only thing better that I can think of is a Star Trek: Next Generation reunion – which sadly won’t be happening anytime soon.

In the meantime, there’s VMware Go Pro! Check it out here – http://store.vmware.com/promo/91614000

Want to learn more about VMware Go Pro? Click here.

Weekly Links – November 27, 2012

Shhh! Can you hear that? If you listen closely, you can hear the faint whisper of Christmas music floating up from every single retail store from here to Sheboygan. With just under a month until Christmas, you can expect to have Bing Crosby and “Santa Baby” ringing in your ears for the foreseeable future. If you made it out for Black Friday this year (and it sounds like many of you did), you surely know what we mean here.

And, in the spirit of retailer-driven holiday traditions, happy Cyber Monday! VMware is getting in on the fun, too—keep an eye on our eStore for promotions throughout this coming week (including a special on VMware Go Pro on November 29!).

Now on to this week’s links:

Buggy Windows 8 patch: Old problem, new solutions (InfoWorld)

Few Enterprises Move at the Speed of Social (InformationWeek)

How IT will evolve to photonics (The Register)

Say What? Top Five IT Quotes of the Week (InternetNews)

Around the Star Trek world in 150 years (Ars Technica)

Contrary to what you’ll probably guess, this week’s apropos of nothing image is not in fact pulled from The Onion:

You can read our previous links round-ups here. And be sure to visit go.vmware.com for more information on how we can help you better manage your IT infrastructure.

Want to learn more about VMware Go Pro? Click here.

Better yet, you can try it for yourself here – for free!

This Week in Patching – 11/9/2012

By: Jason Miller, Manager, Research and Development

It has been a busy week for patch releases.  Here is a quick recap of the happenings in patch management.

Tuesday

Adobe released a new security bulletin for Adobe Flash Player and Adobe Air.  APSB12-24 addresses seven vulnerabilities and the following versions address these issues:

  • Adobe Flash Player 11.5.502.110
  • Adobe Flash Player 10.3.183.43
  • Adobe Air 3.4.0.600

It is important to note that the vulnerabilities also affect the Adobe Flash Player 10 product line. The ‘Priority and Ratings,’ ‘Affected Software Versions,’ and ‘Summary’ sections on the Adobe security bulletin page do not list Adobe Flash Player 10 as an affected product. The CVE filed on behalf of the vulnerabilities states that Adobe Flash Player 10 is indeed affected by the vulnerabilities. In addition, the Adobe Security Bulletin page lists Adobe Flash Player 10 as affected in the ‘Solution’ area.

With the Adobe Flash Player release, I also saw a coordinated release effort from Google and Microsoft to address vulnerable Adobe Flash Player programs embedded in their browsers.  Google Chrome / Chrome Frame version 23.0.1271.64 fixes 14 vulnerabilities and includes the latest version of the Adobe Flash Player.  This new version of the Google browser includes a new ‘Do Not Track’ feature that sends a request to a website asking it to not track information.  On the Microsoft side, Microsoft Security Advisory 2755801 was updated to include the latest version of Adobe Flash Player for Microsoft Internet Explorer 10.

Opera also released a new version of their browser for the first time since June of this year.  Opera 12.10 addresses six vulnerabilities.  In the release notes, you will need to scroll down to the beta section to see that this release actually fixed security vulnerabilities.  They are noted in the beta section for version 12.10.

Wednesday

HP released their first update since June of this year for their System Management Homepage product. HP System Management Homepage 7.1.2 appears to be a security update and is rated as “Recommended” by HP. The release notes for this newer version state “Improved security features.” Vulnerability information for HP System Management Homepage releases typically takes a few weeks to appear after the product release, so I will be watching the National Vulnerability Database for more information.

Thursday

Apple joined the busy patching week with a new release of Apple QuickTime.  Apple QuickTime 7.7.3 is a security update addressing nine vulnerabilities. One of the vulnerabilities fixed with this release is remarkably from 2011 (CVE-2011-1374).

Friday

AOL Instant Messenger 1.2.0.2 has been released to the mainstream.  This product typically does not have release notes associated with each version.  I will be waiting to see if a CVE is released that would mark this release as a security bulletin.

Other News

Next Tuesday marks the November 2012 edition of Patch Tuesday.  Microsoft is set to release six bulletins addressing 13 vulnerabilities.  This Patch Tuesday will be highlighted by the first security bulletin releases for the new Microsoft Windows 8 and Server 2012 operating systems.

There are reports of a zero-day vulnerability in Adobe Reader. No confirmation or information has been released yet by Adobe. There is a chance that Adobe could release an update for Adobe Reader on Patch Tuesday.

I will be back next Tuesday to talk in detail on all of the activities for the November 2012 Patch Tuesday.

Happy Patching!

– Jason Miller

P.S. Also, check out a 30-day free trial of VMware Go Pro!