BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:

Security Research

Patch Tuesday MS15-078

Microsoft Patches a Critical Vulnerability in Adobe Type Manager Font Driver

Posted July 20, 2015    BeyondTrust Research Team

Today, Microsoft released the MS15-078 bulletin containing a patch for yet another flaw in the Adobe Type Manager Font Driver (atmfd.dll). This patch, coming just shy of a week after Microsoft’s monthly Patch Tuesday event, fixes a kernel pool overflow vulnerability (CVE-2015-2426), which can allow remote code execution with full system rights. The vulnerability lies…

Tags:
,
patch-tuesday

July 2015 Patch Tuesday

Posted July 14, 2015    BeyondTrust Research Team

July’s Patch Tuesday is a hefty one, clocking in with 14 bulletins, including the typical misfits – Internet Explorer and Office. Last month’s missing bulletin (MS15-058) is now included, patching important-rated vulnerabilities within SQL Server.

Tags:
,
openssl-logo

CVE-2015-1793: OpenSSL Alternative Chains Certificate Forgery

Posted July 9, 2015    BeyondTrust Research Team

This morning The OpenSSL team released a security advisory stating that the latest versions of OpenSSL contain a severe vulnerability which can allow an attacker to bypass certain certificate validation checks, enabling them to issue an invalid certificate.

Tags:
,
patch-tuesday

June 2015 Patch Tuesday

Posted June 9, 2015    BeyondTrust Research Team

This month’s Patch Tuesday is a bit on the lighter side with only 8 bulletins. In total, 45 distinct vulnerabilities are addressed with over half belonging to Internet Explorer. At the time of release, Microsoft seemed to skip the MS15-058 bulletin, so we’ll be sure to keep an eye out for it.

Tags:
,
patch-tuesday

May 2015 Patch Tuesday

Posted May 13, 2015    BeyondTrust Research Team

This month’s Patch Tuesday is massive, to say the least, with a total of 13 bulletins, affecting many products and all versions of Windows. Earlier this month, Microsoft announced that the upcoming Windows 10 will not follow the typical Patch Tuesday cycle and updates will be provided when they become available.

Tags:
, ,
5

The Delicate Art of Remote Checks – A Glance Into MS15-034

Posted April 15, 2015    Bill Finlayson

Remote vulnerability detection – using ms15-034 as an example.

Tags:
, ,
premera-breach

Premera Breach – What Happened and Was it Related to the Anthem Breach?

Posted March 18, 2015    BeyondTrust Research Team

Premera Blue Cross, a major health care services provider, recently disclosed information regarding a data breach that could impact 11 million of its customers. According to Premera’s cyberattack website created to disseminate information about the breach, hackers gained access to their systems and may have accessed customer information including names, addresses, email addresses, telephone numbers,…

Tags:
,
bank theft img

The Vulnerabilities and Privileges of Carbanak Bank Thieves

Posted February 17, 2015    BeyondTrust Research Team

Recently Kaspersky released analysis of a series of significant breaches against financial institutions by a group they have dubbed Carbanak. The attacks go back over 2 years and estimates are that potentially $1 billion dollars in total were stolen from more than 100 financial institutions. In some cases the attackers were active in victim organizations between…

Tags:
, , ,
12

Fuzzing for MS15-010

Posted February 17, 2015    Bill Finlayson

Intro This past Patch Tuesday Microsoft released MS15-010: Vulnerabilities in Windows Kernel-Mode Driver Could Allow Remote Code Execution.  This patch addressed multiple privately reported vulnerabilities in win32k.sys and one publicly disclosed vulnerability in cng.sys. Win32k.sys Diff The first notable thing we noticed was that several handlers for TrueType instructions, @irtp_*, were touched.  While we did…

Tags:
, ,
ghost

GHOST Vulnerability…Scary Indeed

Posted January 28, 2015    BeyondTrust Research Team

A vulnerability discovered by Qualys security researchers has surfaced within the GNU C Library that affects virtually all Linux operating systems. The vulnerability lies within the various gethostbyname*() functions and, as such, has been dubbed “GHOST.” GHOST is particularly nasty considering remote, arbitrary code execution can be achieved. In an effort to avoid taxing DNS lookups, glibc developers introduced…

Tags:
,