Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: New Java update (1.5.0u11) and a Microsoft Word 2000 vulnerability - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
New Java update (1.5.0u11) and a Microsoft Word 2000 vulnerability
Sun recently released (another) update for Java 1.5.0, Update 11. There are a bunch of bug fixes and I didn’t see anything serious related to security.
However, it is worth noting that this update contains time zone data that incorporates Day Light Saving changes for 2007 (we wrote about this previously, http://isc.sans.org/diary.html?storyid=2142, but will use another opportunity to remind you about the changes).
Java update should be available automatically now as well – just remember to remove the old update revisions if you don’t need them any more (after you’ve thoroughly tested all your applications, of course).

McAfee published information about a new 0-day exploit for Word. They’ve notified Microsoft and it looks like the vulnerability is limited to Denial of Service. We’ve updated the list of 0-days in Microsoft products which you can find here: http://isc.sans.org/diary.html?storyid=1940.I will be teaching next: Web App Penetration Testing and Ethical Hacking - SANS Riyadh October 2019

Bojan

381 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!