
WordPress maintenance and security updates 3.5.1

It is time to upgrade WordPress to the latest 3.5.1. It is a maintenance and security update.

From the announcement post, this maintenance release addresses 37 bugs with version 3.5, including:

  • Editor: Prevent certain HTML elements from being unexpectedly removed or modified in rare cases.
  • Media: Fix a collection of minor workflow and compatibility issues in the new media manager.
  • Networks: Suggest proper rewrite rules when creating a new network.
  • Prevent scheduled posts from being stripped of certain HTML, such as video embeds, when they are published.
  • Work around some misconfigurations that may have caused some JavaScript in the WordPress admin area to fail.
  • Suppress some warnings that could occur when a plugin misused the database or user APIs.

Additionally, version 3.5.1 fixes a few security issues:

  • Server-side request forgery (SSRF) and remote port scanning via pingbacks. Fixed by the WordPress security team.
  • Cross-site scripting (XSS) via shortcodes and post content. Discovered by Jon Cave of the WordPress security team.
  • Cross-site scripting (XSS) in the external library Plupload. Plupload 1.5.5 was released to address this issue.


Windows Updates 2012-10

Microsoft's monthly security updates were released today.
There is only one critical update:

  • Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2742319)

Six important updates:

  • Vulnerability in Microsoft Works Could Allow Remote Code Execution (2754670)
  • Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2741517)
  • Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution (2742321)
  • Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2724197)
  • Vulnerability in Kerberos Could Allow Denial of Service (2743555)
  • Vulnerability in SQL Server Could Allow Elevation of Privilege (2754849)


More details about this update are here.

Firefox 15.0.1 released, keep it updated on your computer

A new Firefox 15.0.1 was released today, August 6, 2012. To update, click Help > About Firefox > Check for Updates. As of 5:00pm EDT, Mozilla has not yet updated the full download on their website, but it is available from other download sites (majorgeeks, softpedia, freewarefiles, etc.); it is 17MB in size. It is a minor bug fix for private browsing.

Upgrade to WordPress 3.4.2

WordPress 3.4.2 was released today, and I did a quick upgrade on my WordPress installations.
It is a security update, so do not wait. The release also:

  • Fixes some issues with older browsers in the administration area.
  • Fixes an issue where a theme may not preview correctly, or its screenshot may not be displayed.
  • Improves plugin compatibility with the visual editor.
  • Addresses pagination problems with some category permalink structures.
  • Avoids errors with both oEmbed providers and trackbacks.
  • Prevents improperly sized header images from being uploaded.


Windows Updates 2012-08

Microsoft releases its monthly updates every second Tuesday. These are the August 2012 updates.

Five critical updates:

  • Cumulative Security Update for Internet Explorer (2722913)
  • Vulnerability in Remote Desktop Could Allow Remote Code Execution (2723135)
  • Vulnerabilities in Windows Networking Components Could Allow Remote Code Execution (2733594)
  • Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2720573)
  • Vulnerabilities in Microsoft Exchange Server WebReady Document Viewing Could Allow Remote Code Execution (2740358)


See the Microsoft Security Bulletin Summary for August 2012.

Keep your Windows updated and secure.

Protect Proftpd server by restricting IP address allowed

There are so many hackers, or whatever you want to call them, trying to log in to the FTP server on my VPS.
One of the simplest ways to stop them is to deny all IP addresses except a few specific ones.
The FTP server running on the VPS is Proftpd.
To set up the restriction, edit /etc/proftpd.conf and add the following at the end.

# Order/Allow/Deny are only valid inside a <Limit> block; LOGIN covers the login itself
<Limit LOGIN>
  Order allow,deny
  Allow from 96.49., 64.180., 24.81.
  Deny from all
</Limit>
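To see what that allow-list actually admits before relying on it, here is an added Python example (not part of the original post) that parses a constructed proftpd.conf fragment with the same directives, flags Order/Allow/Deny placed outside a <Limit> block, and applies ProFTPD's trailing-dot prefix matching to sample client addresses; the config text and client IPs are constructed for the demonstration.

```python
# Added example (not from the original post): parse a ProFTPD <Limit LOGIN> block,
# reject Order/Allow/Deny outside a <Limit>, and apply ProFTPD's prefix matching.
import re

# Constructed fragment mirroring the post's directives, inside <Limit LOGIN>.
SAMPLE_CONF = """\
ServerName "VPS ftp"
<Limit LOGIN>
  Order allow,deny
  Allow from 96.49., 64.180., 24.81.
  Deny from all
</Limit>
"""
LIMIT_RE = re.compile(r"<Limit\s+LOGIN>(.*?)</Limit>", re.S | re.I)

def parse_limit_login(conf: str) -> dict:
    """Return {'order', 'allow', 'deny'} taken from the <Limit LOGIN> block."""
    if re.search(r"^\s*(Order|Allow|Deny)\b", LIMIT_RE.sub("", conf), re.M | re.I):
        raise ValueError("Order/Allow/Deny are only valid inside a <Limit> block")
    block = LIMIT_RE.search(conf)
    rules = {"order": "allow,deny", "allow": [], "deny": []}
    for line in (block.group(1) if block else "").splitlines():
        parts = line.strip().split(None, 2)
        key = parts[0].lower() if parts else ""
        if key == "order" and len(parts) > 1:
            rules["order"] = parts[1].lower()
        elif key in ("allow", "deny") and len(parts) == 3 and parts[1].lower() == "from":
            rules[key] += [p.strip() for p in parts[2].split(",") if p.strip()]
    return rules

def matches(pattern: str, ip: str) -> bool:
    """'all', an exact address, or a dotted prefix such as '96.49.'; the trailing
    dot keeps the comparison on an octet boundary, so '24.8.' never matches 24.81.x.x."""
    if pattern.lower() == "all":
        return True
    return ip.startswith(pattern) if pattern.endswith(".") else ip == pattern

def login_allowed(rules: dict, ip: str) -> bool:
    """Order allow,deny as the post uses it: Allow is consulted first and a match
    admits the client; a Deny match refuses it, and so does matching nothing."""
    assert rules["order"] == "allow,deny", "only Order allow,deny is modelled here"
    if any(matches(p, ip) for p in rules["allow"]):
        return True
    return False  # Deny match (the post's 'Deny from all') or no match at all

if __name__ == "__main__":
    rules = parse_limit_login(SAMPLE_CONF)
    for ip in ["96.49.10.20", "24.81.3.4", "24.8.1.1", "203.0.113.9"]:  # constructed clients
        print(f"{ip:>15}: {'allowed' if login_allowed(rules, ip) else 'denied'}")
```

Run it after editing the config and compare the output with `proftpd -t`, which checks the real file for context errors the script only approximates.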


Notice from Burst.Net for Windows Server

Microsoft has a critical vulnerability in the Remote Desktop Protocol, so Burst.net sent me an email about it, quoted below.

Recently, Microsoft published a security bulletin and recommended fix for a critical vulnerability in the Remote Desktop Protocol (CVE-2012-0002), which has the potential to impact all versions of Windows from XP through the most recent developer preview. This vulnerability allows for remote code execution by an unauthenticated attacker. More information is currently available at https://technet.microsoft.com/en-us/security/bulletin/ms12-020.
Microsoft has issued a statement confirming that CVE-2012-0002 was privately reported. This problem has been given an Exploitability Index of 1, indicating that exploit code is likely. See http://technet.microsoft.com/en-us/security/cc998259 for more details.
At this time, we are highly recommending that all clients who may be impacted by this issue:
1. IMMEDIATELY apply the provided patch.
2. Enable Network Level Authentication – This will require any potential exploits to first successfully authenticate to the server before an RDP session is established.
NOTE: This RDP solution is just one of many security patches released by Microsoft this week.
Regards,
BURSTNET®


Upgrade MovableType 5.13

It is a mandatory security update. As 6A said:

Movable Type 5.13, 5.07, and 4.38 were released as mandatory security updates. These updates resolve multiple vulnerabilities discovered in Movable Type 5.x and Movable Type 4.x. The vulnerabilities were found as a result of our internal security audit, except the one reported from Trustwave (TWSL2012-002). All users must upgrade to this latest release immediately.

The upgrade process is very simple: download the tar file, decompress it, and copy all the files over the old ones.
When you log in, it will automatically go to the mt-upgrade script.
It also has some new features:

  • Account and IP Lockout: account lockout is a feature to protect your Movable Type account from a password-guessing attack, known as a brute-force or dictionary attack. Movable Type locks out an account after a defined number of incorrect password attempts.
  • Changing Password Validation Rules: a system administrator can set password validation policies so that users must use stronger passwords.
  • Stronger Password Encryption
