Last week, we received reports of severe vulnerabilities affecting BIND 9 and Android.
Last week, Microsoft patched a critical vulnerability affecting all versions of Windows. Google released a new version of Chrome, WordPress was updated, and a new vulnerability enabling unlimited password guesses in OpenSSH was made public.
On June 20, rumors began circulating that Microsoft was planning to issue an out-of-band security update to address a critical vulnerability affecting all versions of Windows.
This evening, Microsoft issued Security Bulletin MS15-078, detailing a vulnerability in the Microsoft Font Driver. More specifically, CVE-2015-2426 is a vulnerability caused by how the Windows Adobe Type Manager Library handles OpenType fonts. The vulnerability enables remote code execution (RCE) if a user opens a specially crafted document, or visits a webpage containing embedded, malicious OpenType fonts. This bulletin replaces the patch issued on July 14 for MS15-077.
Last week, zero-day vulnerabilities were reported for Adobe Flash Player and Java. Microsoft ended support for Windows Server 2003 and Security Essentials for Windows XP, and researchers warned of serious weaknesses affecting the RC4 algorithm.
Last week, several zero-day vulnerabilities affecting Adobe Flash Player were reported. KINS Malware Builder was leaked, and OpenSSL patched a high-severity vulnerability.