Numerous software updates available as vulnerabilities reportedly climb sharply in 2014
21 May 2015
Home and business computer users are reminded to regularly apply security updates amid reports that United States authorities recorded an average of 19 new software vulnerabilities per day last year.
According to a report by a security analyst, 7,038 vulnerabilities were added to the National Vulnerability Database in 2014. The United States government established the National Vulnerability Database to act as a repository of standards-based vulnerability management data. The number of vulnerabilities reported in 2014 was well ahead of the 4,794 recorded in 2013 and 4,347 reported in 2012. Many of the vulnerabilities recorded occurred in commonly used software products from leading vendors.
The report also highlighted, in particular, the need for consumers to be aware of the security risks of third-party applications. The report claimed third-party applications accounted for more than 80 per cent of reported vulnerabilities, followed by operating systems at 13 per cent and hardware at 4 per cent.
New updates released
Last week, the Mozilla Foundation released the latest in a regular series of updates for Firefox, Firefox ESR and Thunderbird, to address vulnerabilities that could allow remote attackers to obtain sensitive information or execute arbitrary code on an affected system.
US-CERT also advised of an alert for Linux and Unix-based operating systems employing certain versions of Samba, a commonly used suite of Windows interoperability programs. The CERT noted the existence of a vulnerability that could allow a remote attacker to take control of an affected system and advised users to apply patches from Linux vendors including Debian, Red Hat, SUSE and Ubuntu, with a Samba patch available for experienced users and administrators.
In addition, US-CERT advised of a vulnerability associated with certain Cisco products that could allow an unauthenticated, remote attacker to cause a denial-of-service condition.
Microsoft issued its regular updates on 10 February 2015 to address vulnerabilities in Windows that could enable remote code execution, security feature bypass, and privilege elevation or information disclosure.
We recommend that users review these security bulletins and apply the updates as necessary.
The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice you should contact your local technical support provider.
This information has been prepared by Enex TestLab for the Department of Communications ('the Department'). It was accurate and up to date at the time of publishing.
This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.
The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.
Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.
Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.