During September a number of updates were performed to improve security and address recent issues with Diginotar security certificate trusts. These updates should be applied quickly to ensure the best levels of protection are in place.
Microsoft Security Updates - September 2011
Related Blog posts
QUOTE: Microsoft is keeping it light this September after releasing 13 security bulletins last August. They released five security bulletins for this month, all of which were rated “Important”. These bulletins resolve 15 flaws found in several software. Users are encouraged to immediately download and apply these patches. In addition, Microsoft released another non-security update to add six cross-signed DigiNotar root certificates as untrusted, following the theft of more than 500 digital certificates issued by DigiNotar. More details on this can be found in Microsoft’s official corporate security response blog.
Linux - Kernel.org recently hacked but unlikely the O/S builds were affected
Some time in August kernel.org, the repository for the Linux kernel, got hacked. The breach was discovered on August 28. Based on what we know now, it appears unlikely that any of the source code was changed, but the admins are doing a thorough review in order to confirm this and to strengthen security.
The attacker appears to have gained access to a standard user account and somehow elevated credentials to root access. How he did this we don't know yet. He made several other changes, including modifying some SSH-related files, logging user interactions and adding a trojan to the startup scripts.
As horrible and embarrassing as this sounds, it is highly unlikely that the actual kernel source was changed. The source code is managed by git, a distributed revision control system designed by Linus Torvalds. Git maintains SHA-1 hashes of each of the 40,000 files in the project and names the files based on the complete development history. The hashes are stored in multiple servers. It's impossible to make changes without being noticed.