A few stories surfaced yesterday talking about "devastating" vulnerabilities in Windows' Kerberos. Today's vlog explores whether or not these are new issues, how severe they really are, and where you can learn how to mitigate them. (Episode Runtime: 3:44) Direct YouTube Link: https://www.youtube.com/watch?v=yxcoqfagLfI EPISODE REFERENCES: The Register's edited article … [Read more...]
Grab Microsoft's Out-of-Cycle Kerberos Patch
During last week's Microsoft Patch Day, I pointed out that Microsoft had delayed two of the expected bulletins. This week, they released one of those delayed updates, and rate it as a Critical issue. According to the MS14-068 Security Bulletin, Kerberos suffers from a local privilege elevation flaw that could allow attackers to gain full control of your entire … [Read more...]
Weak Passwords are Good? – WSWiR Episode 113
Oracle Patches, Project Zero, and Password Problems Another week, another big batch of InfoSec news. If your IT job is already overwhelming you with tasks, leaving you no time to keep up with computer and network security, "I've got ya bro." Check out our weekly security news summary for all the important action. Today's episode covers Oracle's quarterly Critical Patch Update … [Read more...]
Windows Updates Fix Relatively Minor Kernel and Kerberos Flaws
Severity: Medium Summary: These vulnerabilities affect: All current versions of Windows and the components that ship with it How an attacker exploits them: Multiple vectors of attack, including sending specially crafted network traffic and enticing users to run malicious applications Impact: In the worst case, a local attacker can gain complete control of your Windows … [Read more...]