|
Security Updates for Windows Computers
These updates fix software defects that affect security. If a defect
exists, even if you do everything right, bad things may still happen. Defects in
clients like web browsers, email clients, image viewers, instant messaging
software, and media players may allow malicious web sites, email messages, IM
messages, images, and sound files to infect or compromise your computer with no
action on your part other than viewing or listening to the web site, message, or
media. Defects in server software, like web servers, web applications, and core
operating system services, can allow your computer to be infected or compromised
just by being on the network and powered on.
For products not listed, try the list of vendor web sites and security
notification listservs. The SecurityFocus vulnerability database and the Open
Source Vulnerability Database can also be used as references for installed
software. There is also a list of vendor security resources on the RUNSAFE site.
The Cassandra service will allow you to set up profiles indicating products of
interest to you and receive email notifications when vulnerabilities associated
with those products are reported. The service is offered by the Center for
Education and Research in Information Assurance and Security (CERIAS) at Purdue
University.
|
Microsoft Windows Critical Security Updates ( items in GREEN are automatically updated by Microsoft's update site if the computer is configured according to StartSafe recommendations ) |
| Updates for Windows Software Commonly Found on Desktops | Updates for Windows based Servers and Less Common Desktop Software ( need desktop updates listed in previous column too ) |
- ( 07/02/08 ) Firefox - upgrade to 2.0.0.15
- ( 06/24/08 ) Adobe Reader and Adobe Acrobat
- ( 06/20/08 ) Apple QuickTime
- ( 06/20/08 ) Skype
- ( 06/20/08 ) Monthly Microsoft Windows security updates ( details ) NOTE: Office 2000 must be updated manually through the Office Update web site.
- ( 05/22/08 ) Trillian ( upgrade to 3.1.10.0 )
- ( 05/13/08 ) Monthly Microsoft Windows security updates ( details ) NOTE: Office 2000 must be updated manually through the Office Update web site.
- ( 05/05/08 ) Thunderbird - upgrade to 2.0.0.14
- ( 05/02/08 ) HP Support. "Update may be installed on a PC as part of the software supplied with certain HP PCs, printers, scanners, or cameras. Customers can also download the HP Software Update for installation from the HP Web Site." Products include but are not limited to HP color LaserJet 2820/2840.
- ( 04/17/08 ) Firefox - upgrade to 2.0.0.14
- ( 04/11/08 ) Realplayer - upgrade to 11.0.2
- ( 04/09/08 ) Adobe Flash
- ( 04/09/08 ) Monthly Microsoft Windows security updates ( details ) NOTE: Office 2000 must be updated manually through the Office Update web site.
- ( 04/03/08 ) QuickTime - upgrade to 7.4.5
- ( 03/26/08 ) Firefox - upgrade to 2.0.0.13
- ( 03/26/08 ) Thunderbird - upgrade to 2.0.0.13 when it becomes available
- ( 03/26/08 ) SeaMonkey - upgrade to 1.1.9 when it becomes available
- ( 03/11/08 ) Monthly Microsoft Windows security updates ( details ) NOTE: Office 2000 must be updated manually through the Office Update web site.
- ( 03/06/08 ) Java, Java Web Start ( Upgrade to 1.6.5 or 1.5.15 or 1.4.2_17 )
  - Handling Java updates is complicated. First, you have to know if it is installed. Second, you have to know which of three versions you have ( 1.4.x, 1.5.x, 1.6.x ). There are a variety of ways to do this. Perhaps the simplest is to visit the www.java.com web site and let it automatically detect it for you.
  - Visit the following web site and click the 'Verify now' link: http://www.java.com/en/download/installed.jsp
  - If you don't have it installed, don't install it.
  - If you have it installed, the best general recommendation is to uninstall any old versions and install the latest version of 1.6, also known as 'Java 6'. The only exception to this recommendation is if you need one of the older versions ( 1.4 or 1.5 ) for a particular application you run. This isn't likely to be the case unless you've installed special software that requires Java or access a special web site that requires it. Often in such cases, the application will install its own copy of Java for its own use. For the vast majority of people, the latest version of 1.6 is the best solution. The latest update for any of the three versions can be installed through the http://www.java.com/en/download/manual.jsp web site.
  - Newer versions will automatically check for updates and notify the operator when an update is available. Unfortunately, for this to happen the operator currently needs to be logged in with Administrator privileges. Logging in with Administrator privileges is generally not recommended for day to day use.
  - Old versions must be manually uninstalled using the Windows 'Add or Remove Programs' Control Panel.
- ( 02/19/08 ) Yahoo Music JukeBox
- ( 02/14/08 ) Monthly Microsoft Windows security updates ( details ) NOTE: Office 2000 must be updated manually through the Office Update web site.
- ( 02/08/08 ) Firefox - upgrade to 2.0.0.12
- ( 02/08/08 ) Thunderbird - upgrade to 2.0.0.12
- ( 02/08/08 ) Mozilla SeaMonkey upgrade to 1.1.8
- ( 02/08/08 ) Adobe Acrobat
- ( 02/07/08 ) Adobe Reader
- ( 02/06/08 ) QuickTime
- ( 02/06/08 ) Skype - upgrade to 3.6*248 or later
- ( 02/06/08 ) Java ( Upgrade to 1.6.4 or 1.5.14 )
- ( 01/18/08 ) Winamp - update to 5.52
- ( 01/18/08 ) Adobe Dreamweaver
- ( 01/18/08 ) Adobe Contribute
- ( 01/18/08 ) Adobe Connect
- ( 01/15/08 ) Apple QuickTime
- ( 01/08/08 ) Monthly Microsoft Windows security updates ( details )
- ( 12/27/07 ) Adobe/Macromedia Flash ( upgrade to 9.0.115.0 )
- ( 12/27/07 ) HP Software Update on HP and Compaq computers ( use the software update feature to get an update to 'fix itself' )
- ( 12/27/07 ) HP Quicklaunch button on HP and Compaq computers
- ( 12/17/07 ) HP Info Center on HP and Compaq laptops
- ( 12/14/07 ) QuickTime - upgrade to 7.3.1 ( defect information )
- ( 12/14/07 ) Monthly Microsoft Windows security updates ( details )
- ( 12/07/07 ) Skype - upgrade to 3.6 gold or later
- ( 12/05/07 ) Firefox - upgrade to 2.0.0.11
- ( 12/05/07 ) Thunderbird - upgrade to 2.0.0.9
- ( 11/14/07 ) Monthly Microsoft Windows security updates ( details )
- ( 11/06/07 ) Apple QuickTime - upgrade to 7.3
- ( 11/06/07 ) Macrovision secdrv.sys driver included on Windows XP and 2003 computers - Microsoft is expected to provide an update for this defect through the normal Windows update process. However, Macrovision has already published an update, and administrators of computers having untrusted accounts should consider applying the patch, as exploitation activity has been reported. The defect is an elevation of privilege defect - an attacker must have access to run a program of their choosing on the target system. An attacker that could compromise the computer another way ( e.g. web browser exploit, social engineering ) could bypass the protection offered by operating the computer with a user account.
- ( 11/01/07 ) Macrovision Installshield/Flexnet Connect Update Service. This product is included with other products as their installation and update mechanism and is included on most Dell computers.
  - The Good news: Vendors of many products included this update mechanism so security updates could be automatically applied to their products.
  - The Bad news: The vendor of the update mechanism incorrectly marked it safe for scripting, making it possible for malicious web sites to take advantage of its functionality to compromise a computer.

  Assuming the product is active and the vendor using the product has updated it on their site, the local computer operator will receive a popup and the self-fix will be applied when the operator approves the update. However, the pop-ups only appear when the operator logs in with an administrator account. Alternatively, the update can be manually downloaded and installed.

  Signs that this product is installed:
  - Periodic appearance of a pop-up window concerning the need to check for updates. The update notifications will mention 'Installshield'. This is not the same pop-up as the Microsoft Windows Update one.
  - The presence of the \Program Files\Common Files\Installshield\UpdateService directory.
  - The ISUSPM.exe process appearing in task manager.
- ( 10/26/07 ) RealPlayer, RealOne Player, Helix Player
- ( 10/23/07 ) Adobe Acrobat/Reader - upgrade to 8.1.1
- ( 10/22/07 ) RealPlayer
- ( 10/19/07 ) Firefox - update to 2.0.0.8
- ( 10/19/07 ) Thunderbird - update to 2.0.0.8
- ( 10/16/07 ) AOL Instant Messenger - upgrade to 6.5
- ( 10/12/07 ) Winamp - upgrade to version 5.5
- ( 10/10/07 ) Monthly Microsoft Windows security updates ( details )
- ( 10/10/07 ) ( 10/05/07 ) Java ( Upgrade to 1.6.3 or 1.5.13 or 1.4.2_16 )
- ( 10/04/07 ) QuickTime
- ( 09/20/07 ) Firefox - upgrade to 2.0.0.7
- ( 09/18/07 ) PhotoChannel Networks Photo Upload. "The PhotoChannel Networks Photo Upload Plugin is an ActiveX control that allows a user to upload multiple photographs using the Internet Explorer web browser. This ActiveX control is used by photo centers for multiple retailers, including Costco, Kmart, Wal-Mart, Sam's Club, Brooks Pharmacy, Eckerd Pharmacy, Black's Photo Centre, Hy-Vee, Rexall, and Visions Electronics." Visiting the site that issued the control will install a new control and disable the old, defective control. Until that is done, the computer will remain vulnerable to malicious web sites.
- ( 09/17/07 ) Monthly Microsoft Windows security updates ( details )
- ( 09/06/07 ) iTunes ( upgrade to 7.4 )
- ( 08/30/07 ) Yahoo Messenger
- ( 08/28/07 ) Microsoft MSN Windows Live Messenger ( upgrade to version 8.1 or later. As of around 09/11/07 connecting to the MSN network will require an upgrade. )
- ( 08/23/07 ) Winamp
- ( 08/23/07 ) Yahoo Messenger
- ( 08/15/07 ) Monthly Microsoft Windows security updates ( details )
- ( 07/31/07 ) Firefox - upgrade to 2.0.0.6
- ( 07/29/07 ) Yahoo Widgets
- ( 07/18/07 ) Firefox - upgrade to 2.0.0.5
- ( 07/18/07 ) Mozilla Thunderbird upgrade to 2.0.0.5
- ( 07/17/07 ) Java ( 1.4 and 1.5 only - 1.6 is not affected )
- ( 07/12/07 ) QuickTime
- ( 07/11/07 ) Adobe Flash
- ( 07/10/07 ) Java ( Upgrade to 1.5.12 or 1.6.2. )
- ( 07/10/07 ) Monthly Microsoft Windows security updates ( details )
- ( 06/27/07 ) RealPlayer/HelixPlayer ( update to latest version )
- ( 06/12/07 ) Monthly Microsoft Windows security updates ( details )
- ( 06/08/07 ) Yahoo Messenger
|
- ( 07/03/08 ) Opera - upgrade to 9.51
- ( 07/02/08 ) SeaMonkey - upgrade to 1.1.10
- ( 06/23/08 ) Ruby ( details )
- ( 06/20/08 ) VMWare - multiple server and workstation oriented products ( VMSA-2008-0009.1 )
- ( 06/20/08 ) VMWare ESX ( VMSA 2008-0010 )
- ( 06/20/08 ) Apple Safari for Windows
- ( 06/20/08 ) Akamai Download Manager
- ( 06/20/08 ) Logitech Desktop Messenger/BackWeb ( note - the defective control is disabled by a Microsoft Windows update )
- ( 06/04/08 ) VMWare Workstation, Player, ACE, Fusion ( VMSA-2008-008 )
- ( 05/23/08 ) Citrix Presentation Server
- ( 05/23/08 ) Citrix Presentation Server
- ( 05/20/08 ) CA ArcServ Backup
- ( 05/06/08 ) PHP 5.2.6
- ( 05/06/08 ) Common Data Format
- ( 04/28/08 ) FoxIT PDF Reader - upgrade to 2.3 build 2923 or later
- ( 04/25/08 ) HP Software Update
- ( 04/23/08 ) CA-Unicenter including Brightstore/Arcserve Backup
- ( 04/17/08 ) Safari
- ( 04/17/08 ) Oracle
- ( 04/17/08 ) OpenOffice
- ( 04/04/08 ) Opera - update to 9.27
- ( 03/21/08 ) Adobe Flash Professional ( not Adobe Flash Player )
- ( 03/18/08 ) Safari 3.1
- ( 03/18/08 ) VMWare
- ( 03/13/08 ) Adobe Form Designer and Reader
- ( 03/03/08 ) Symantec Backup Exec for Windows Server
- ( 02/25/08 ) Apache mod_jk2
- ( 02/25/08 ) BEA JRockit
- ( 02/20/08 ) MoinMoin
- ( 02/14/08 ) MySQL - upgrade to 5.1.23
- ( 02/13/08 ) Citrix Presentation Server Client
- ( 02/13/08 ) Adobe Flash Media Server
- ( 02/13/08 ) Adobe Connect Enterprise Server
- ( 02/13/08 ) Cacti
- ( 02/10/08 ) Tomcat 6 - upgrade to 6.0.16
- ( 02/08/08 ) Wordpress
- ( 02/05/08 ) UltraVNC
- ( 01/25/08 ) uTorrent
- ( 01/22/08 ) Citrix Presentation Server
- ( 01/16/07 ) Oracle JInitiator ( client component used to access some Oracle Forms applications )
- ( 01/15/08 ) Oracle
- ( 01/10/08 ) AOL - the defective component will be automatically updated the next time the computer connects to AOL. In the meantime, the computer will be vulnerable to malicious web sites.
- ( 01/08/08 ) PostgreSQL
- ( 01/04/08 ) PHP 4.4.x
- ( 12/27/07 ) Opera
- ( 12/18/07 ) Peercast
- ( 12/07/07 ) Cisco Security Agent
- ( 12/06/07 ) CA BrightStor ArcServe Backup
- ( 12/06/07 ) Avast! Home/Professional AntiVirus
- ( 12/05/07 ) OpenOffice
- ( 12/05/07 ) Wireshark
- ( 12/05/07 ) SeaMonkey - upgrade to 1.1.7
- ( 11/20/07 ) AOL Radio - "An updated version of AOL Radio with enhanced security features is now available. AOL recommends that you download and install the update to get the best and most secure performance from AOL Radio. If you use AIM or other AOL software, you will automatically receive a prompt to update AOL Radio and you do not need to download and install this update now. Otherwise, please download the update from the URL below and double-click on the file to finish updating AOL Radio: http://radaol-prod-web-rr.streamops.aol.com/mediaplugin/unagi_patch.exe"
- ( 11/20/07 ) WinPcap
- ( 11/07/07 ) WinSCP - upgrade to 4.0.4 ( belated entry )
- ( 11/07/07 ) Van Dyke SecureCRT ( belated entry )
- ( 11/02/07 ) ACDsee Photo Software - install update ( product information here )
- ( 10/24/07 ) Miranda Instant Messenger
- ( 10/24/07 ) Netscape Navigator - upgrade to version 9.0.0.1
- ( 10/19/07 ) SeaMonkey - update to 1.1.5
- ( 10/18/07 ) Oracle
- ( 10/18/07 ) Corel/Micrografx
- ( 10/17/07 ) Opera - upgrade to 9.24
- ( 10/17/07 ) IrfanView - upgrade to 4.10
- ( 10/12/07 ) TikiWiki - upgrade to 1.9.8.1
- ( 10/12/07 ) IBM DB2
- ( 10/12/07 ) CA Brightstore Arcserv and Enterprise Backup
- ( 10/10/07 ) Adobe Illustrator
- ( 10/08/07 ) Skype ( Upgrade to 3.5.0.239 )
- ( 10/05/07 ) Mozilla SeaMonkey - upgrade to 1.1.4
- ( 09/24/07 ) CA ArcServer for Desktops and Laptops
- ( 09/20/07 ) VMWare
- ( 09/20/07 ) Automated Solutions Modbus ActiveX control ( used in some SCADA and other automated control applications )
- ( 09/18/07 ) WinSCP
- ( 09/18/07 ) OpenOffice ( upgrade to 2.3 )
- ( 09/06/07 ) QuickBooks Online
- ( 09/04/07 ) PHP
- ( 09/04/07 ) Apache Struts and XWork
- ( 08/30/07 ) Borland Interbase
- ( 08/27/07 ) RealNetworks Helix DNA Server
- ( 08/23/07 ) Microgaming ( component installed by some online gaming web sites including online casinos )
- ( 08/23/07 ) Trillian
- ( 08/23/07 ) LinkedIn toolbar
- ( 08/17/07 ) IBM DB2 UDB
- ( 08/17/07 ) IBM DB2
- ( 08/15/07 ) Opera - upgrade to 9.23
- ( 08/15/07 ) ESRI ARCsde
- ( 07/31/07 ) Computer Associates - multiple products including Unicenter, eTrust, and BrightStore
- ( 07/24/07 ) tcpdump
- ( 07/20/07 ) Citrix
- ( 07/19/07 ) Opera - upgrade to 9.22
- ( 07/17/07 ) Progress database and OpenEdge development platform
- ( 07/17/07 ) RSA Security products ( e.g. SecureID, ACE/Server, Authentication Manager )
- ( 07/12/07 ) Symantec Backup Exec
- ( 07/11/07 ) Adobe Photoshop CS2 and CS3
- ( 07/11/07 ) Sun Java Application Server and Web Server
- ( 07/10/07 ) GIMP
- ( 07/05/07 ) ESRI ArcSDI GIS
- ( 06/29/07 ) Sun Java WebStart
- ( 06/27/07 ) Apple Safari for Windows Beta ( upgrade to 3.0.2 )
- ( 06/22/07 ) Ingress
- ( 06/19/07 ) Cerulean Studios Trillian
- ( 06/19/07 ) Hewlett Packard ( HP ) Help and Support Center installed on some HP computers
- ( 06/19/07 ) Firebird SQL
- ( 06/19/07 ) BakBone Netvault
- ( 06/01/07 ) PHP
|
|