BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:

Security Research

DLL Preloading Attacks in the Wild

Posted August 24, 2010    The eEye Research Team

After several public discussions and the swift patching of Apple iTunes, Microsoft has issued the security advisory KB2269637  to address DLL Hijacking or Preloading vulnerabilities within all versions of Microsoft Windows. This advisory covers a 10 year old flaw within the Windows operating system and how it handles the loading of Dynamic Link Libraries (.DLL…

Microsoft Patch Tuesday – August 2010

Posted August 10, 2010    Chris Silva

As everyone knows by now, this was a gigantic patch Tuesday with Microsoft delivering 14 security bulletins (in addition to the out-of-band bulletin from last week).  On top of that, Adobe patched Flash and ColdFusion.  It is once again going to be a long night for IT and security engineers everywhere. One important thing to note is…

Tags:
, ,

Microsoft Patch Tuesday – June 2010

Posted June 8, 2010    Chris Silva

Before we get into today’s details, apologies for the lack of an advanced notification post last Thursday – I was out of the office and good ghost writers are hard to find these days. As for the security bulletins, Microsoft answered back with ten this month – gone is the hope of leaving at a…

Tags:
,

Microsoft Patch Tuesday – May 2010

Posted May 11, 2010    Chris Silva

Well, as mentioned on Thursday, it was a relatively small Patch Tuesday from Microsoft. Here are our recommendations for the two security updates. You can find our full write-up in newsletter format here. MS10-030 – Vulnerability in Outlook Express and Windows Mail Could Allow Remote Code Execution (978542) Administrators are urged to roll out this…

Microsoft Patch Tuesday Advanced Notification – May 2010

Posted May 6, 2010    Chris Silva

It’s that time again, and Microsoft has just released their advanced notification for next week’s Patch Tuesday. Luckily for those still recovering from the April Patch Tuesday, this month should be a bit easier. Microsoft has announced it will be releasing two patches. They have been classified as: * Critical (2 Patches) All currently supported…

Microsoft Revises MS10-025 – Says “Please Stand By”

Posted April 22, 2010    Chris Silva

Yesterday, Microsoft released a major revision to MS10-025 (Vulnerability in Microsoft Windows Media Services Could Allow Remote Code Execution). While Microsoft revises security bulletins frequently, rarely do you see a major revision within a week of the original release. The reason for this revision is that “the original security update did not protect systems from…

Patch Tuesday Updates

Posted April 13, 2010    Chris Silva

As promised, here are the recommendations related to today’s Patch Tuesday. You can find our full write-up in newsletter format here. MS10-019 – Vulnerabilities in Windows Could Allow Remote Code Execution (981210) Administrators are urged to roll out this patch as soon as possible to all Windows systems. Until these systems are patched, it is…

Microsoft Patch Tuesday Advanced Notification

Posted April 8, 2010    Chris Silva

Microsoft just released their advanced notification for next week’s Patch Tuesday – and it’s a big one. This time around, Microsoft will be releasing a total of 11 patches, fixing a total of 25 vulnerabilities. They have been classified as: • Critical (5 Patches) • Important (5 Patches) • Moderate (1 Patch) All currently supported…