If you're anything like me, your late December schedule is quickly filling with holiday parties, family activities, and seasonal days off. This means if you want to secure your Microsoft environment before the end of the year, you better get started earlier rather than later. Today, Microsoft released seven security bulletins fixing at least 11 vulnerabilities in many of their … [Read more...]
Exchange Update Corrects Oracle Outside In Vulnerabilities
Severity: Medium Summary: These vulnerabilities affect: Exchange Server 2007 and 2010 How an attacker exploits it: By enticing a user to preview a specially crafted attachment within an email Impact: An attacker can execute code with the restricted privileges of the LocalService account What to do: Deploy the appropriate Exchange Server update as soon as possible, or let … [Read more...]
Expect a Microsoft and Adobe Patch Bonanza Next Tuesday
Microsoft and Adobe plan a tag team assault on computer administrators and users next Tuesday, when they intend to release a pile of Critical security updates. If you manage Windows PCs, you use at least two of the vulnerable products, and likely many more. So I recommend you gear up for a day of software updates next week. Let's start with Microsoft's Patch Day. According to … [Read more...]
Microsoft Exchange and Windows SMTP Service DoS Vulnerability
Summary: This vulnerability affects: All current versions of Exchange Server and many versions of Windows How an attacker exploits it: By sending specially crafted network traffic (malicious DNS MX record responses) Impact: Multiple impacts, in the worst case an attacker can crash your mail server, preventing you from receiving email What to do: Deploy the … [Read more...]