Severity: High Summary: These vulnerabilities affect: Exchange Server 2007 and 2010 How an attacker exploits it: By enticing a user to preview a specially crafted email attachment using OWA Impact: An attacker can execute code with the restricted privileges of the LocalService account What to do: Deploy the appropriate Exchange Server update as soon as possible, or let … [Read more...]
Two IE Bulletins Double the Browser Updates
Severity: High Summary: These vulnerabilities affect: Internet Explorer (IE) 10 and earlier How an attacker exploits them: Typically, by enticing one of your users to visit a web page with malicious content Impact: Various; In the worst case, an attacker can execute code on your user's computer, often gaining complete control of it What to do: Install Microsoft's Internet … [Read more...]
MS Black Tuesday: 12 Bulletins, 57 Flaws, and Lots of Work
Though not the biggest on record, today's Patch Day is no slouch. As expected, Microsoft released a dozen security bulletins, fixing 57 vulnerabilities that affect a range of their software, including: Windows (and its components) .NET Framework Internet Explorer (IE) Exchange Server Fast Search Server 2010 According to the summary alert, Microsoft rates five of the … [Read more...]
MS Black Tuesday: 12 Bulletins, 57 Flaws, and Lots of Work
Though not the biggest on record, today's Patch Day is no slouch. As expected, Microsoft released a dozen security bulletins, fixing 57 vulnerabilities that affect a range of their software, including: Windows (and its components) .NET Framework Internet Explorer (IE) Exchange Server Fast Search Server 2010 According to the summary alert, Microsoft rates five of the … [Read more...]
WatchGuard Security Week in Review: Episode 51 – Flash 0day
Flash Exploit, ICS Hacks, and Federal Reserve Bank Breach We've had another busy week of security news, with more stories than I can cover in a short video. So I'll stick to the highlights. Today's episode talks about a couple Adobe Flash zero day vulnerabilities, the latest Anonymous hijinks, some cross-platform mobile malware, and more. If you missed this week's InfoSec news, … [Read more...]