Microsoft Patch Tuesday for October '14

In October's Patch Tuesday, Microsoft has rolled out eight security bulletins covering 24 security vulnerabilities across Windows, .Net Framework and Internet Explorer (IE). The update also cover a bug which reportedly targets NATO machines. The advisory contains three security bulletins declared as CRITICAL i.e., MS14-056 addresses Internet Explorer, MS14-057 addresses .NET Framework and MS14-058 addresses Microsoft Windows kernel mode driver. According to cyber security researcher from FireEye, two 0-day vulnerabilities targeting Windows Machines used by some major corporations are being exploited by cyber criminals. One of the patches addresses Sandworm cyberattack that allows remote code execution on Microsoft Windows Server 2008 and Windows Server 2012. Other five remaining updates are rated as IMPORTANT covering issues in ASP.NET MVC, Windows OLE and Microsoft office applications. <more>

Oracle Critical Patch Update fixes 155 vulns

This month is quite busy for system admins as there are plenty of security updates available due to Microsoft Patch Tuesday along with Adobe, Firefox, OpenSSL and now Oracle has released 155 security vulnerabilities in its quarterly update. The CPU addresses 25 bugs related to Oracle Java SE, 24 fixes for security flaws in Oracle MySQL, 31 fixes for Oracle Database Server in which only two could be remotely exploited without authentication. Besides this, 15 security fixes for Oracle Sun Systems, Oracle Fusion Middleware gets 18 fixes and 10 fixes for flaws in Oracle E-Business Suite. Oracle PeopleSoft Products and Oracle Supply Chain Products Suite also get 5 fixes each. The CPU contains 7 fixes for Oracle Virtualization while 2 fixes for Oracle Communications Applications. <more>

Google Chrome 38 gets HUGE patch this month

Google released the latest version of Chrome browser fixing almost around 159 security vulnerabilities. It's usually not often that Google addresses too many security patches simultaneously. Out of 159 bugs, 113 fixes related to minor vulnerabilities. Google also patched multiple high-risk vulnerabilities and one highly critical flaw in the V8 engine and IPC that brings $27,000 bug bounty reward for a researcher Juri Aedla that allows attackers to bypass sandbox and execute arbitrary code. <more>