Security Bulletins
|
||||||
| 2012-02-01T00:00:00.0000000Z MS11-100 - Critical : Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420) - Version: 1.3 | ||||||
|
Severity Rating: Critical Revision Note: V1.3 (February 1, 2012): Corrected registry keys and installation switches in the deployment tables for Windows Server 2003 and Windows Server 2008, and installation switches in the deployment table for Windows Vista. This is an informational change only. There were no changes to the security update files or detection logic. Summary: This security update resolves one publicly disclosed vulnerability and three privately reported vulnerabilities in Microsoft .NET Framework. The most severe of these vulnerabilities could allow elevation of privilege if an unauthenticated attacker sends a specially crafted web request to the target site. An attacker who successfully exploited this vulnerability could take any action in the context of an existing account on the ASP.NET site, including executing arbitrary commands. In order to exploit this vulnerability, an attacker must be able to register an account on the ASP.NET site, and must know an existing user name. |
||||||
| 2012-02-01T00:00:00.0000000Z MS11-098 - Important : Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2633171) - Version: 1.1 | ||||||
|
Severity Rating: Important Revision Note: V1.1 (February 1, 2012): Added a link to Microsoft Knowledge Base Article 2633171 under Known Issues in the Executive Summary. Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application designed to exploit the vulnerability. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users. |
||||||
| 2012-01-27T00:00:00.0000000Z MS12-004 - Critical : Vulnerabilities in Windows Media Could Allow Remote Code Execution (2636391) - Version: 1.2 | ||||||
|
Severity Rating: Critical Revision Note: V1.2 (January 27, 2012): Corrected the aggregate severity rating for the KB2631813 update package in the Affected Software table for all supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. This is a bulletin change only. There were no changes to the security update files or detection logic. Customers should apply all update packages offered for the software installed on their systems. See the update FAQ for details. Summary: This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if a user opens a specially crafted media file. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
||||||
| 2012-01-24T00:00:00.0000000Z MS11-049 - Important : Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893) - Version: 2.3 | ||||||
|
Severity Rating: Important Revision Note: V2.3 (January 24, 2012): Added an entry to the update FAQ to announce a detection change for KB2251481, KB2251487, and KB2251489 to correct an installation issue. This is a detection change only. There were no changes to the security update files. Customers who have already successfully updated their systems do not need to take any action. Summary: This security update resolves a privately reported vulnerability in Microsoft XML Editor. The vulnerability could allow information disclosure if a user opened a specially crafted Web Service Discovery (.disco) file with one of the affected software listed in this bulletin. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system. |
||||||
| 2012-01-24T00:00:00.0000000Z MS11-025 - Important : Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution (2500212) - Version: 4.2 | ||||||
|
Severity Rating: Important Revision Note: V4.2 (January 24, 2012): Added an entry to the update FAQ to announce a detection change for KB2538242, KB2538243, KB2467173, KB2538218, KB2538241, and KB2542054 to correct an installation issue. This is a detection change only. There were no changes to the security update files. Customers who have already successfully updated their systems do not need to take any action. Summary: This security update resolves a publicly disclosed vulnerability in certain applications built using the Microsoft Foundation Class (MFC) Library. The vulnerability could allow remote code execution if a user opens a legitimate file associated with such an affected application, and the file is located in the same network folder as a specially crafted library file. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a document from this location that is then loaded by the affected application. |
|
||||||
| SB12-037: Vulnerability Summary for the Week of January 30, 2012 | ||||||
| SB12-030: Vulnerability Summary for the Week of January 23, 2012 | ||||||
| TA12-024A: "Anonymous" DDoS Activity | ||||||
| SB12-023: Vulnerability Summary for the Week of January 16, 2012 | ||||||
| SB12-016: Vulnerability Summary for the Week of January 9, 2012 | ||||||
|
||||||
| 2012-12-29 Vuln: Pligg CMS 'status' Parameter SQL Injection Vulnerability | ||||||
| 2012-02-07 Vuln: OpenSSL TLS Server Extension Parsing Buffer Overflow Vulnerability | ||||||
| 2012-02-07 Vuln: phpShowtime 'r' Parameter Directory Traversal Vulnerability | ||||||
| 2012-02-07 Vuln: Mozilla Firefox/Thunderbird/SeaMonkey nsDOMAttribute Use After Free Memory Corruption Vulnerability | ||||||
| Bugtraq: [SECURITY] [DSA 2405-1] apache2 security update | ||||||
|
||||||
| Mon, 06 Feb 2012 19:11:00 GMT Symantec warns of mutating malware in Android Market (Appolicious) | ||||||
| Appolicious - The world of mobile device malware is getting a little more dangerous with the announcement from tech security company Symantec that it has discovered malware programs that mutate every time they’re downloaded. | ||||||
| Mon, 06 Feb 2012 16:44:50 GMT Bigger US role against companies' cyberthreats? (AP) | ||||||
|
||||||
| Fri, 03 Feb 2012 22:04:57 GMT Hackers intercept FBI, Scotland Yard call (AP) | ||||||
|
||||||
| Fri, 03 Feb 2012 15:17:00 GMT Android OS rules in U.S., gets a Bouncer to keep malware out the Market (Appolicious) | ||||||
| Appolicious - The Android platform expanded its dominance in the U.S. smartphone market during Q4 of 2011, according to the latest ComScore report. Apple may have boosted its share of the mobile handset market with the release of the iPhone 4S, but Android’s still the clear winner in terms of OS use, powering 47.3 percent of surveyed subscribers. That’s up from 44.8 percent last year, growing by slightly more percentage points than Apple’s increase to 29.6 percent from 27.4 percent. | ||||||
| Fri, 03 Feb 2012 00:50:25 GMT Google tightens security in Android app store (Reuters) | ||||||
| Reuters - Google Inc has been quietly policing its online store for months now in an acknowledgement of malware's growing threat to its increasingly popular Android mobile software. |
|
||||||
| Thu, 09 Nov 2006 07:00:00 PST Cisco IPSec VPN Implementation Group Name Enumeration Vulnerability | ||||||
| This Cisco Security Notice is being released in response to the Cisco VPN Concentrator Group Name Enumeration Vulnerability advisory published on June 20, 2005 by NTA Monitor at http://www.nta-monitor.com/news/vpn-flaws/cisco/VPN-Concentrator/index.htm. |
||||||
| Fri, 21 Apr 2006 13:40:00 PST Crafted DNS Packet Can Cause Denial Of Service | ||||||
| Thu, 26 Jan 2006 14:30:00 PST Cisco IPsec VPN Implementation Group Password Usage Vulnerability | ||||||
| Mon, 07 Nov 2005 10:00:00 PST Response to BugTraq - Cisco Clean Access Agent (Perfigo) Bypass | ||||||
| This document is provided to simplify access to Cisco responses to possible product security vulnerability issues posted in public forums for Cisco customers. This does not imply that Cisco perceives each of these issues as an actual product security vulnerability. This notice is provided on an "as is" basis and does not imply any kind of guarantee or warranty. Your use of the information on the page or materials linked from this page are at your own risk. Cisco reserves the right to change or update this page without notice at any time. |
||||||
| Thu, 08 Sep 2005 07:00:00 PST CSS SSL Authentication Bypass | ||||||
| The Cisco CSS 11500 Series Content Services Switches (CSS) running Secure Socket Layer (SSL) has a vulnerability that may allow a user to bypass SSL authentication and access protected content. Cisco has made free software available to address this vulnerability. |
|
||||||
| Wed, 26 Oct 2011 09:00:00 PST Attention: New Cisco Security Advisory RSS Feed Locations | ||||||
| Effective October 18, 2011, Cisco has replaced the existing RSS feeds for Cisco Security Advisories. The new RSS feeds for Cisco Security Advisories are available at http://tools.cisco.com/security/center/psirtrss10/CiscoSecurityAdvisory.xml and http://tools.cisco.com/security/center/psirtrss20/CiscoSecurityAdvisory.xml. The existing RSS feeds will continue to function until November 19, 2011. They will not receive updates after this date. |
||||||
| Wed, 26 Oct 2011 08:00:00 PST Denial of Service Vulnerability in Cisco Video Surveillance IP Cameras | ||||||
| A denial of service (DoS) vulnerability exists in the Cisco Video Surveillance IP Cameras 2421, 2500 series and 2600 series of devices. An unauthenticated, remote attacker could exploit this vulnerability by sending crafted RTSP TCP packets to an affected device. Successful exploitation prevents cameras from sending video streams, subsequently causing a reboot. The camera reboot is done automatically and does not require action from an operator. |
||||||
| Wed, 26 Oct 2011 08:00:00 PST Cisco Unified Contact Center Express Directory Traversal Vulnerability | ||||||
| Cisco Unified Contact Center Express (UCCX or Unified CCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) contain a directory traversal vulnerability that may allow a remote, unauthenticated attacker to retrieve arbitrary files from the filesystem. |
||||||
| Wed, 26 Oct 2011 08:00:00 PST Cisco Unified Communications Manager Directory Traversal Vulnerability | ||||||
| Cisco Unified Communications Manager contains a directory traversal vulnerability that may allow an unauthenticated, remote attacker to retrieve arbitrary files from the filesystem. |
||||||
| Wed, 26 Oct 2011 08:00:00 PST Buffer Overflow Vulnerabilities in the Cisco WebEx Player | ||||||
| Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Recording Format (WRF) player. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system with the privileges of a targeted user. |