Tag: vulnerability
-
Patch Tuesday released closely followed by emergency update
Bumper crop of patches plus further fix leave known holes open. This month’s ‘Patch Tuesday’ security bulletin from Microsoft contained eight separate updates, two more than previously announced, covering a total of 28 vulnerabilities. Six of the updates were labelled ‘critical’, although some sources rate all equally high and find the flaws covered susceptible to…
-
Worm targets MS08-067 vulnerability
Exploit attack patches flaw once system penetrated. A worm has been seen taking advantage of the vulnerability in Microsoft ‘s Windows Server Service , patched out-of-cycle last month in the MS08-067 announcement. The worm takes advantage of machines yet to be patched by tardy administrators, and once it is installed it proceeds to patch the…
-
Two updates in Microsoft’s November’s patch release
Just two updates released by Microsoft this month: one rated critical, one important. Microsoft has issued two updates in the November round of its monthly patch release cycle, one of them rated ‘critical’. The critical update addresses vulnerabilities in Microsoft XML Core Services which could be exploited to create a web page that would cause…
-
Microsoft issues emergency patch
Out-of-cycle update fixes serious, wormable flaw. Microsoft has issued an emergency update to cover a serious vulnerability in the Windows Server service, breaking its usual monthly ‘Patch Tuesday’ cycle of security fixes. The flaw was considered serious enough to merit an urgent patch release, although Microsoft will only confirm having seen the usual ‘limited, targeted’…
-
Vulnerability test raises hackles
Secunia suite trial slates lack of PoC detection, but test methods called into question. Vulnerability specialist Secunia published the results of a trial of internet security suites this week, with stark findings showing very poor detection rates of the selection of exploits and proof-of-concept overruns used. However, the test has run into considerable criticism from…
-
Four critical updates this Patch Tuesday
11 updates to be issued by Microsoft in October’s monthly patch release: 4 critical. Microsoft has prepared a total of 11 updates for the October round of its monthly patch release cycle, with four updates being rated ‘critical’. The four critical updates cover vulnerabilities in Active Directory , Internet Explorer , Microsoft HIS ( Host…
-
Four critical updates in Patch Tuesday release
Monthly security update small but vital. Microsoft has released its monthly ‘Patch Tuesday’ batch of security updates, with only four items on the list but all of them marked ‘critical’. The four updates affect Microsoft Office , Windows Media Player , Media Encoder , and GDI+ , a core component of Windows . All the…
-
DNS flaw exploitation danger growing
Slow patchers targeted by sophisticated attacks. The serious vulnerability in the implementation of DNS systems has been targeted by malicious attacks, as security watchers have been predicting since the flaw was first disclosed. With many developers and service providers yet to implement patching regimes for the issue, those still leaving their servers open for spoofing…
-
Trend OfficeScan flaws labelled highly critical
Web-delivered products at risk of allowing remote access. A set of vulnerabilities have been reported in Trend Micro ‘s Officescan product, which have been flagged with the ‘Highly Critical’ rating by vulnerability watchers at Secunia as exploitation could allow execution of code from remote sources. The vulnerabilities, buffer overflows in ActiveX objects used by the…
-
Patch Tuesday sees serious DNS flaws fixed
Nothing marked critical, but some very important patches issued. Microsoft ‘s latest ‘Patch Tuesday’ round of security updates for once contains no bulletins marked as ‘critical’, but some of the four updates labelled ‘important’ address major issues posing serious threats to web users worldwide. Two of the patches fix problems with Exchange Server and Windows…