[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISN] Microsoft scratches BEAST patch at last minute, but fixes Duqu bug



http://www.computerworld.com/s/article/9222639/Microsoft_scratches_BEAST_patch_at_last_minute_but_fixes_Duqu_bug

By Gregg Keizer
Computerworld
December 13, 2011

Microsoft today issued 13 security updates, one less than expected, that patched 19 vulnerabilities in Windows, Internet Explorer (IE), Office, and Windows Media Player.

The company punted on one bulletin it had planned to deliver today after SAP told it that the patch broke some of its software.

"The bulletin scheduled to address Security Advisory 2588513 was postponed due to a third-party application compatibility issue that will be addressed by the vendor, with whom we're working directly," Jerry Bryant, group manager in Microsoft's Trustworthy Computing team, said in a statement.

The scrubbed security update was to fix the SSL (secure socket layer) 3.0 and TLS (transport layer security) 1.0 bug demonstrated in September 2011 by researchers who crafted a hacking tool dubbed BEAST, for "Browser Exploit Against SSL/TLS."

[...]


_____________________________________________________
Subscribe to InfoSec News - www.infosecnews.org
http://www.infosecnews.org/mailman/listinfo/isn