Summary: These vulnerabilities affect: All current versions of OS X 10.5.x (Leopard) and OS X 10.6.x (Snow Leopard) How an attacker exploits them: Multiple vectors of attack, including enticing your users to visit a malicious web site, or into downloading and viewing various documents or images Impact: Various results; in the worst case, an attacker executes code on your … [Read more...]
Mozilla's Delayed Firefox 3.6.14 Update Corrects 11 Vulnerabilities
Summary: These vulnerabilities affect: Firefox 3.6.x and 3.5.x for Windows, Linux, and Macintosh How an attacker exploits it: Typically by enticing one of your users to visit a malicious web page Impact: Various results; in the worst case, an attacker executes code on your user's computer, gaining complete control of it What to do: Upgrade to Firefox 3.6.14 (or 3.5.17), or … [Read more...]
Zero Day SMB Vulnerability Affects Windows Server 2003 and XP
Yesterday, a gray hat going by the alias Cupidon-3005 posted details about a zero day Windows SMB vulnerability that could potentially allow attackers to gain control of fully patched Windows Server 2003 and XP computers. Microsoft is currently investigating this surprise release, but hasn't had time to post an early Security Advisory about the issue yet, let alone deliver a … [Read more...]
Nine Windows Bulletins Correct 15 Security Vulnerabilities
Malicious Thumbnails and Fonts Help Attackers Hack Windows Severity: High 8 February, 2011 Summary: These vulnerabilities affect: All current versions of Windows and components that ship with it How an attacker exploits them: Multiple vectors of attack, including enticing your users into opening specially crafted files, or visiting malicious websites or file shares Impact: … [Read more...]
IIS FTP Service Buffer Overflow Vulnerability
Severity: High 8 February, 2011 Summary: This vulnerability affects: The IIS FTP service running on Windows Vista, 2008, 7, and 2008 R2 How an attacker exploits it: By sending a specially crafted FTP command Impact: In the worst case, an attacker gains complete control of your IIS server What to do: Deploy the appropriate IIS update immediately, or let Windows Automatic … [Read more...]