BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:

December, 2012

ieflaw

Another (sigh) IE Zero-Day

Posted December 30, 2012    BeyondTrust Research Team

Unfortunately, the security industry was not going to escape 2012 without seeing yet another zero-day vulnerability in Microsoft’s Internet Explorer. It has been discovered that a targeted attack, leveraging a zero-day in IE, has been posed against the Council on Foreign Relations Portal. The technical origin of the flaw is as follows: the vulnerability occurs…

Tags:
, , , , , ,
microsoft

Internet Explorer CButton Use-After-Free Vulnerability

Disclosed December 28, 2012    Fully Patched
Vendors: Microsoft
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability:
sclogoupdated_1448

BeyondTrust Named 2012 Industry Innovator by SC Magazine

Posted December 21, 2012    Sarah Lieber

We’re happy to announce that SC Magazine has recognized BeyondTrust as a 2012 Industry Innovator! Read the report here. What SC Magazine Says. “BeyondTrust is far more than a one-trick pony. The company’s creativity and drive to innovate is what keeps this organization at the forefront of its market. Like many companies, currently and in…

Tags:
, , , , ,
wipers

Batchwiper: How I Learned to Worry Less and Love Least Privilege Security

Posted December 19, 2012    BeyondTrust Research Team

With news coming from Iran’s CERT of a nasty (but not really nasty) new piece of malware designed to wipe drives and desktop contents on a specific date, we took the straightforward approach of examining what common, easily implemented security best practices could have stopped Batchwiper in its tracks… As far as malware goes, Batchwiper…

Java-Logo

JRE 6 automatic upgrade to JRE 7, coming soon

Posted December 19, 2012    BeyondTrust Research Team

Starting this month, Oracle will be automatically replacing Java Runtime Environment (JRE) 6 installations with JRE 7 installations on a small amount of users’ systems (the users are randomly chosen). This will be done to ensure that the automatic upgrading mechanism is working properly. In February 2013, the last public version of JRE 6 (Java…

Tags:
, , , , , , ,
adobe

Multiple Vulnerabilities in Adobe Shockwave Player

Disclosed December 17, 2012    No Patch Available
Vendors: Adobe
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability:
bt-bb-acq

Media Coverage Roundup | BeyondTrust Acquires Blackbird Group

Posted December 12, 2012    Sarah Lieber

Today we announced the acquisition of Blackbird Group, a leader in Windows system management. With this addition, BeyondTrust furthers our vision to simplify IT security operations management, while providing customers much-needed context to improve decision-making to protect against both internal and external security threats. We’re happy to welcome the Blackbird Group! Read the official announcement now….

Tags:
, , , , , , , ,
thumbnail

December 2012 Patch Tuesday: Oracle Outside In, TrueType, and more

Posted December 11, 2012    Carter Jones

December’s Patch Tuesday brings us a great collection of vulnerabilities, ranging from Oracle Outside In vulnerabilities within Exchange to TrueType vulnerabilities in every version of Windows. It seems like these are the vulnerabilities that just keep giving. Along with these, other bugs were squashed in Internet Explorer, Microsoft Word, Windows File Handling, DirectPlay, and IP-HTTPS….

sumatrapdf

Sumatra PDF Integer Overflow

Disclosed December 9, 2012    Fully Patched
Vendors: SumatraPDF (Krzysztof Kowalczyk)
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability: Publicly Available
12DaysofChristmas

12 Days of Giveaways Starts Now! Join Our 12 Twitter Days of Christmas!

Posted December 6, 2012    Qui Cao

Say hello to holiday fun and frolic! Starting TODAY, we’re running our 2nd Annual 12 Twitter Days of Christmas campaign! It’s time to celebrate the season of magic and what a better way to do so than with 12 days of giveaways from BeyondTrust? How to Participate in BeyondTrust’s 12 Twitter Days of Christmas: Here’s…

Tags:
, , , ,