Video Screencast Help
Security Response
Showing posts tagged with Vulnerabilities & Exploits
Showing posts in English
PraveenSingh | 08 Apr 2014 18:24:52 GMT

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing four bulletins covering a total of 11 vulnerabilities. Seven of this month's issues are rated ’Critical’.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the April releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms14-...

PraveenSingh | 11 Mar 2014 18:52:34 GMT

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing five bulletins covering a total of 23 vulnerabilities. Nineteen of this month's issues are rated ’Critical’.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the March releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms14-mar

The following is a breakdown of the issues being addressed this...

Symantec Security Response | 14 Feb 2014 23:58:13 GMT

In an earlier blog, Symantec highlighted that we were investigating reports of a zero-day exploit affecting Internet Explorer 10 in the wild. Now we have further details on the attack leveraging this new zero-day, Microsoft Internet Explorer CVE-2014-0322 Use-After-Free Remote Code Execution Vulnerability (CVE-2014-0322).

IE 0 day edit.png

Figure. Watering hole attack using IE 10 0-day

Anatomy of the attack

The target of this watering hole attack was the vfw.org (Veterans of Foreign Wars) website. While this attack was active, visitors to the site would encounter an IFrame which was inserted by the attackers in order to...

Dinesh Theerthagiri | 11 Feb 2014 19:49:38 GMT

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing seven bulletins covering a total of thirty-one vulnerabilities. Twenty-five of this month's issues are rated ’Critical’.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the February releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms14-feb

The following is a breakdown of the issues being...

Symantec Security Response | 05 Feb 2014 00:15:11 GMT

Adobe has published a Security Bulletin for Adobe Flash Player CVE-2014-0497 Remote Code Execution Vulnerability (CVE-2014-0497). The new Security Bulletin, APSB14-04, identifies an integer underflow vulnerability which affects various versions of Adobe Flash Player across multiple platforms. Exploitation of this critical vulnerability could allow an attacker to remotely execute arbitrary code. Adobe has acknowledged that exploitation of the vulnerability has been reported in the wild.

Per the bulletin, the following versions of Adobe Flash Player are vulnerable:

  • Adobe Flash Player 12.0.0.43 and earlier versions for Windows and Macintosh
  • Adobe Flash Player 11.2.202.335 and earlier versions for Linux

Symantec Security Response is continuing to monitor the situation for additional information related to this...

Dinesh Theerthagiri | 14 Jan 2014 19:24:29 GMT

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing four bulletins covering a total of six vulnerabilities. All six of this month's issues are rated ’Important’.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the January releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms13-Jan

The following is a breakdown of the issues being addressed...

Dinesh Theerthagiri | 10 Dec 2013 19:53:34 GMT

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing eleven bulletins covering a total of 24 vulnerabilities. Ten of this month's issues are rated ’Critical’.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the December releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms13-Dec

The following is a breakdown of the...

Dinesh Theerthagiri | 12 Nov 2013 20:13:13 GMT

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing eight bulletins covering a total of 19 vulnerabilities. Nine of this month's issues are rated ’Critical’.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the November releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms13-Nov

The following is a breakdown of the...

Dinesh Theerthagiri | 08 Oct 2013 20:00:32 GMT

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing eight bulletins covering a total of 26 vulnerabilities. Sixteen of this month's issues are rated ’Critical’.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the October releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms13-Oct

The following is a breakdown of the...

Dinesh Theerthagiri | 10 Sep 2013 19:59:32 GMT

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing thirteen bulletins covering a total of 47 vulnerabilities. Thirteen of this month's issues are rated ’Critical’.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the September releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms13-Sep

The following is a breakdown of...