Do you want to stay safe online? Then you need to keep your patches up-to-date since most Internet exploits target old flaws. Tuesday's Byte video covers Microsoft and Adobe's security bulletins for May. Watch below, but more importantly, go update. (Episode Runtime: 2:38) Direct YouTube Link: https://www.youtube.com/watch?v=tbmSGgL3TzY EPISODE REFERENCES: Summary of … [Read more...]
Two IIS Information Disclosure Vulnerabilities
Severity: Medium Summary: These vulnerabilities affect: The IIS FTP service running on Windows Vista, 2008, 7, and 2008 R2 How an attacker exploits them: By sending specially crafted FTP commands or accessing a local log file Impact: In the worst case, a local attacker can learn the credentials for a local account What to do: Deploy the appropriate IIS update at your … [Read more...]
IIS FTP Service Buffer Overflow Vulnerability
Severity: High 8 February, 2011 Summary: This vulnerability affects: The IIS FTP service running on Windows Vista, 2008, 7, and 2008 R2 How an attacker exploits it: By sending a specially crafted FTP command Impact: In the worst case, an attacker gains complete control of your IIS server What to do: Deploy the appropriate IIS update immediately, or let Windows Automatic … [Read more...]
Microsoft Black Tuesday: A dozen bulletins fix 22 vulnerabilities (but not the zero day MHTML flaw)
As expected, Microsoft posted their first big patch day of 2011 today (the last one was small). Unfortunately, the dozen security updates they released do not fix the unpatched MHTML flaw, which I mentioned in last week's early notification. Even so, the released updates fix many serious flaws. You should start upgrading as soon as you can. According to their Bulletin Summary … [Read more...]
Three IIS Flaws Allow Authentication Bypass, DoS, or Code Execution
Summary: This vulnerability affects: IIS 5.1, 6.0, 7.0 and 7.5 How an attacker exploits it: By sending specially crafted HTTP requests or URLs Impact: In the worst case, an attacker can gain complete control of your IIS server What to do: Install Microsoft's IIS update immediately, or let Windows Update do it for you Exposure: Microsoft's Internet Information Services … [Read more...]