If you're anything like me, your late December schedule is quickly filling with holiday parties, family activities, and seasonal days off. This means if you want to secure your Microsoft environment before the end of the year, you better get started earlier rather than later. Today, Microsoft released seven security bulletins fixing at least 11 vulnerabilities in many of their … [Read more...]
Windows Updates Fix Relatively Minor Kernel and Kerberos Flaws
Severity: Medium Summary: These vulnerabilities affect: All current versions of Windows and the components that ship with it How an attacker exploits them: Multiple vectors of attack, including sending specially crafted network traffic and enticing users to run malicious applications Impact: In the worst case, a local attacker can gain complete control of your Windows … [Read more...]
Four Windows Updates Plug Seven Security Holes
Bulletins Affect RDP, DNS Server, Kernel-Mode Drivers, and More Severity: High Summary: These vulnerabilities affect: All current versions of Windows and components that ship with it (One flaw also affects Small Business Server 2003) How an attacker exploits them: Multiple vectors of attack, including sending specially crafted packets to vulnerable computers Impact: Various … [Read more...]
WatchGuard Releases WSM v11.5.1 Update 1: XSS Flaws Corrected
Severity:High 15 December, 2011 Summary: This vulnerability affects: WatchGuard System Manager (WSM) v11.5.1 How an attacker exploits it: Multiple vectors of attack, including enticing you to click a maliciously crafted link, or sending specially crafted network traffic through an XTM appliance and having you view the resulting logs in our Web UI Impact: In the worst case, … [Read more...]
Patch BIND 9 to Avoid DNS Outages
Earlier this week, the Internet Systems Consortium (ISC) released a BIND 9 update to fix two serious Denial of Service (DoS) vulnerabilities in the popular, open source DNS server software. The two DoS flaws differ technically, but essentially share the same scope and impact. By sending specially crafted packets to your BIND 9 server, an attacker could leverage these flaws to … [Read more...]