Like clockwork, Microsoft has posted the first Patch Day of the new year. In a word, I'd summarize it as average. As they forewarned in their advance notification last week, Microsoft released seven security bulletins today, which include six updates for Windows and one update for a Microsoft development tool (specifically an AntiXSS library). They only rate one of the …
WatchGuard Releases WSM v11.5.1 Update 1: XSS Flaws Corrected
Severity: High
15 December, 2011
Summary:
This vulnerability affects: WatchGuard System Manager (WSM) v11.5.1
How an attacker exploits it: Multiple vectors of attack, including enticing you to click a maliciously crafted link, or sending specially crafted network traffic through an XTM appliance and having you view the resulting logs in our Web UI
Impact: In the worst case, …
Eleven Windows Bulletins Patch Many Critical Vulnerabilities
Critical SMB, OLE, and .NET Flaws Corrected
Severity: High
14 June, 2011
Summary:
These vulnerabilities affect: All current versions of Windows and components that ship with it (as well as some optional components like .NET Framework)
How an attacker exploits them: Multiple vectors of attack, including sending specially crafted network traffic or enticing your users to view …
Thirteen Windows Bulletins Patch 18 Security Holes
Critical SMB, DNS, and ActiveX Flaws Corrected
Severity: High
12 April, 2011
Summary:
These vulnerabilities affect: All current versions of Windows and components that ship with it
How an attacker exploits them: Multiple vectors of attack, including sending specially crafted network traffic or enticing your users to view malicious images
Impact: Various results; in the …
Firefox 4 Improves Speed and Security
For any Firefox fans out there, Mozilla has released version 4, which you can download now. Firefox 4 contains a number of improvements, but the most relevant to this blog are its security updates. One of Firefox 4's new features is called Content Security Policy (CSP). This feature helps to prevent Cross Site Scripting (XSS) and Cross Site Request Forgery (CSRF) attacks. In …