Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.


April, 2010

As MS Updates End, How Should You Prepare?

Posted April 29, 2010    Morey Haber

Another deadline in operating system maintenance has been set by Microsoft, which has indicated this month it will no longer support the following as of July 13, 2010: ·   Windows XP SP2; users should upgrade to Service Pack 3 or Windows 7 ·  Extended support for Windows 2000 will terminate. MS will no longer…

Never Lose Your License Keys or Proof of Ownership Again

Posted April 23, 2010    Morey Haber

I had the unfortunate experience this weekend of working with Microsoft’s Genuine Office Validation Product. Let me give you the skinny on this one. Microsoft released an update that validates whether your operating system or office product is genuine or a bootleg copy several years ago. The system verifies the registration with an online database…

Are You Putting All Your Eggs in One Virtual Basket?

Posted April 22, 2010    Brad Hibbert

With the annual VMWare Virtualization forum 2010 coming to a city near you this spring, I thought this might be a good time to explore some of the virtualization initiatives and challenges that eEye’s customers frequently deal with.

Microsoft Revises MS10-025 – Says “Please Stand By”

Posted April 22, 2010    Chris Silva

Yesterday, Microsoft released a major revision to MS10-025 (Vulnerability in Microsoft Windows Media Services Could Allow Remote Code Execution). While Microsoft revises security bulletins frequently, rarely do you see a major revision within a week of the original release. The reason for this revision is that “the original security update did not protect systems from…

Five Ways to Protect Your Systems from Insecure Update Engines

Posted April 22, 2010    Morey Haber

A few weeks ago both Microsoft and Apple released updates for some of their solutions. The process for upgrading was simple for each product, but annoying since each product uses its own update engine. These updates made me think how many actual update engines are currently present on my home and business computers.

Welcome Video from Kevin Hickey, CEO

Posted April 22, 2010    Kevin Hickey

Kevin Hickey, CEO of eEye Digital Security, announces the launch of a new blog dedicated to vulnerability management and assessment. With featured bloggers that include security industry experts and product management visionaries, the new “Security Focus” is sure to provide a wealth of critical information.

RIP Microsoft Windows Vista SP0

Posted April 14, 2010    Chris Silva

Just a quick note – in all the commotion yesterday, I forgot to mention that Microsoft officially ended support for Microsoft Windows Vista SP0 (Windows Vista without any service packs installed). This means that unless they have a change of heart, Microsoft will not be releasing any updates (including security patches) to Vista SP0. Customers…

Patch Tuesday Updates

Posted April 13, 2010    Chris Silva

As promised, here are the recommendations related to today’s Patch Tuesday. You can find our full write-up in newsletter format here. MS10-019 – Vulnerabilities in Windows Could Allow Remote Code Execution (981210) Administrators are urged to roll out this patch as soon as possible to all Windows systems. Until these systems are patched, it is…


Trellian FTP Client Buffer Overflow

Disclosed April 12, 2010    Zeroday : 2001 days
Vendors: Trellian
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability: Publicly Available

Microsoft Patch Tuesday Advanced Notification

Posted April 8, 2010    Chris Silva

Microsoft just released their advanced notification for next week’s Patch Tuesday – and it’s a big one. This time around, Microsoft will be releasing a total of 11 patches, fixing a total of 25 vulnerabilities. They have been classified as: • Critical (5 Patches) • Important (5 Patches) • Moderate (1 Patch) All currently supported…