BeyondTrust

Security In Context

Bringing you news and commentary on solutions and strategies for protecting your critical IT infrastructure.

Archive for September, 2012

weakcertificates-retina

Retina Helps Identify Weak Certificates

Microsoft has released a Security Advisory for the upcoming patch to increase minimum bit levels of certificates to 1024 bit security advisory 2661254.  The expected release date for this patch is Oct 9th at which time the update will be available through Windows Update. This change to the minimum bits level of certificates will change…

Post by Jerome Diggs September 25, 2012
Tags:
, , , , ,
BeyondTrust is the expert source of VMware Security LEARN MORE
reuters

Security News Roundup | September 2012

September was an active month in terms of security commentary and news; ranging from an alleged Apple data hack to an IE 0day out-of-band patch release. Since I’m sure many of you are still catching up on the news, for your convenience I’ve included some of the more insightful September coverage below.

Post by Sarah Lieber September 24, 2012
Tags:
, , ,

IE 0day Fixed in Out-of-Band Patch

Microsoft has released a patch to fix the IE 0day, CVE-2012-4969, along with four other privately reported CVEs that lead to remote code execution (CVE-2012-1529, CVE-2012-2546, CVE-2012-2548, and CVE-2012-2557). One interesting thing to note is that CVE-2012-2546 and CVE-2012-2548 only affect the most recent version of Internet Explorer, IE 9. The now-patched 0day, CVE-2012-4969, affects…

Post by The eEye Research Team September 21, 2012
Tags:
, , , ,
android4_skate

How important is Android 4 to BYOD?

Android 4 (so far dubbed Ice Cream Sandwich for 4.0.x or Jelly Bean for 4.1.x) is a significant upgrade to the user experience adding in many refinement and features.  For enterprises dealing with the Bring Your Own Device (BYOD) movement, some of these upgrades can be a double-edged sword.

Post by Scott Ellis September 19, 2012
Tags:
, , , , , ,
IE-0day

Mmm, Smells Like 0day

Just when you thought we were out of the woods, Internet Explorer 0day shows up, in the wild. Here’s what you need to know about the vulnerability: Internet Explorer 6, 7, 8, and 9 are vulnerable (UPDATE: Out-of-band patch available now!) Use-after-free when the CMshtmlEd object is deleted and then the same area in memory…

Post by BeyondTrust Research Team September 17, 2012
Tags:
, , , , , ,
img-63

New Integration of Retina CS & PowerBroker Windows to Provide Context-Aware Privilege Management

Every day there are new vulnerabilities being discovered that can be used to compromise your organizations computing environment.

Post by Peter McCalister September 16, 2012
Tags:
, , ,
9.11

September 11th – Lest We Forget.

Today marks the 11 year anniversary of the “September 11th” attacks. It is on these days of remembrance that our memory serves as a tool to heal us, to free us from the emotional burdens that can keep us from moving forward. This happens not by allowing these memories to fade from our consciousness, but…

Post by Marc Maiffret September 11, 2012
Tags:
, , , , , , ,
scanner-ui

Xen Server Escape Exploit News

In today’s ever expanding virtualized data center it’s critical to ensure hypervisors/host systems are properly secured and patched to prevent bleed over into often dense populations of the corporate infrastructure.  According to a recent blog post on Threatpost, French research firm VUPEN security has revealed exploit code that takes advantage of a vulnerability in Xen…

Post by Jerome Diggs September 10, 2012
Tags:
, , , , , , , , , , , ,
img13

4 Tips to Identify, Patch & Report on the Oracle Java Vulnerability

Last week our security research team provided some very enlightening information on a nasty Oracle Java vulnerability that until recently was a zero-day.  Oracle provided a patch for the vulnerability found in advisory (CVE-2012-4681)  and as a follow-up to the blog post by our security research team we wanted to share with you some easy…

Post by Jerome Diggs September 7, 2012
Tags:
, , , , ,
helpdesk

Helpdesk Troubleshooting with PowerBroker

In the past, organizations would rely on helpdesk technicians walking from desktop to desktop to troubleshoot desktop problems for end users. Nowadays, “Sneakernet” is almost dead, and helpdesks are levering remote control products to troubleshoot problems for end users. Remote control is great for troubleshooting, but when a user is running as a standard user…

Post by Peter McCalister September 5, 2012