BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

September, 2012

Retina Helps Identify Weak Certificates

Posted September 25, 2012    Jerome Diggs

Microsoft has released a Security Advisory (security advisory 2661254) for the upcoming patch to increase the minimum bit level of certificates to 1024 bits. The expected release date for this patch is Oct 9th, at which time the update will be available through Windows Update. This change to the minimum bits level of certificates will change…

Security News Roundup | September 2012

Posted September 24, 2012    Sarah Lieber

September was an active month in terms of security commentary and news, ranging from an alleged Apple data hack to an IE 0day out-of-band patch release. Since I’m sure many of you are still catching up on the news, for your convenience I’ve included some of the more insightful September coverage below.

IE 0day Fixed in Out-of-Band Patch

Posted September 21, 2012    The eEye Research Team

Microsoft has released a patch to fix the IE 0day, CVE-2012-4969, along with four other privately reported CVEs that lead to remote code execution (CVE-2012-1529, CVE-2012-2546, CVE-2012-2548, and CVE-2012-2557). One interesting thing to note is that CVE-2012-2546 and CVE-2012-2548 only affect the most recent version of Internet Explorer, IE 9. The now-patched 0day, CVE-2012-4969, affects…

How important is Android 4 to BYOD?

Posted September 19, 2012    Scott Ellis

Android 4 (so far dubbed Ice Cream Sandwich for 4.0.x or Jelly Bean for 4.1.x) is a significant upgrade to the user experience, adding many refinements and features. For enterprises dealing with the Bring Your Own Device (BYOD) movement, some of these upgrades can be a double-edged sword.

Mmm, Smells Like 0day

Posted September 17, 2012    BeyondTrust Research Team

Just when you thought we were out of the woods, Internet Explorer 0day shows up, in the wild. Here’s what you need to know about the vulnerability: Internet Explorer 6, 7, 8, and 9 are vulnerable (UPDATE: Out-of-band patch available now!) Use-after-free when the CMshtmlEd object is deleted and then the same area in memory…

Internet Explorer execCommand Use-After-Free

Disclosed September 17, 2012    Fully Patched
Vendors: Microsoft
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability:

New Integration of Retina CS & PowerBroker Windows to Provide Context-Aware Privilege Management

Posted September 16, 2012    Peter McCalister

Every day there are new vulnerabilities being discovered that can be used to compromise your organization's computing environment.

Trend Micro InterScan Messaging Multiple Vulnerabilities

Disclosed September 13, 2012    No Patch Available
Vendors: Trend Micro
Vulnerability Severity: Medium
Exploit Impact: Cross-Site Request Forgery, Cross-Site Scripting
Exploit Availability: Publicly Available

September 11th – Lest We Forget.

Posted September 11, 2012    Marc Maiffret

Today marks the 11 year anniversary of the “September 11th” attacks. It is on these days of remembrance that our memory serves as a tool to heal us, to free us from the emotional burdens that can keep us from moving forward. This happens not by allowing these memories to fade from our consciousness, but…

Xen Server Escape Exploit News

Posted September 10, 2012    Jerome Diggs

In today’s ever-expanding virtualized data center, it’s critical to ensure hypervisors/host systems are properly secured and patched to prevent bleed-over into often dense populations of the corporate infrastructure. According to a recent blog post on Threatpost, French research firm VUPEN Security has revealed exploit code that takes advantage of a vulnerability in Xen…
