BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Security Research

Bugzilla ‘realname’ Parameter Account Creation Vulnerability

Posted October 8, 2014    BeyondTrust Research Team

Bugzilla, a very popular web-based bug-tracking system, has recently announced that multiple vulnerabilities have been discovered (http://www.bugzilla.org/security/4.0.14/). Perhaps the most interesting of these vulnerabilities, discovered by Netanel Rubin of Check Point Software Technologies, is one in which an attacker can automatically be added to certain groups that they were not intended to be a part…

PowerBroker for Unix & Linux helps prevent Shellshock

Posted September 25, 2014    Paul Harper

Like many other people who tinker with UNIX and Linux on a regular basis, BASH has always been my shell of choice. Dating back to the early days moving from Windows to a non-Windows platform, mapping the keys correctly to allow easy navigation and control helped ensure an explosion of use for the shell. Unfortunately,…

Bash “Shellshock” Vulnerability – Retina Updates

Posted September 24, 2014    BeyondTrust Research Team

A major vulnerability was recently discovered within bash which allows arbitrary command execution via specially crafted environment variables. This is possible due to the fact that bash supports the assignment of shell functions to shell variables. When bash parses environment shell functions, it continues parsing even after the closing brace of the function definition. If…

Retina Vulnerability Audits – September 2014 Patch Tuesday

Posted September 9, 2014    BeyondTrust Research Team

The following is a list of Retina vulnerability audits for this September 2014 Patch Tuesday: MS14-052 – Cumulative Security Update for Internet Explorer (2977629) 35141 – Microsoft Cumulative Security Update for Internet Explorer (2977629) 35142 – Microsoft Cumulative Security Update for Internet Explorer (2977629) – IE8/2003 35143 – Microsoft Cumulative Security Update for Internet Explorer (2977629) – IE8…

September 2014 Patch Tuesday

Posted September 9, 2014    BeyondTrust Research Team

This September Microsoft has released four security bulletins that cover a good level of Windows-based attack surface. The two vulnerabilities that you should look to patch most immediately are MS14-052 (Internet Explorer) and MS14-054 (Windows Task Scheduler). Rounding things out, you should get MS14-053 (.NET) done followed by MS14-055 (Lync) if applicable to your…

Retina Vulnerability Audits – August 2014 Patch Tuesday

Posted August 12, 2014    BeyondTrust Research Team

The following is a list of Retina vulnerability audits for this August 2014 Patch Tuesday: MS14-043 – Vulnerability in Windows Media Center Could Allow Remote Code Execution (2978742) 34924 – Microsoft WMC Remote Code Execution (2978742) MS14-044 – Vulnerabilities in SQL Server Could Allow Elevation of Privilege (2984340) 34915 – Microsoft SQL Server Multiple Vulnerabilities (2984340) – 2008 34916 –…

Retina Vulnerability Audits – July 2014 Patch Tuesday

Posted July 9, 2014    BeyondTrust Research Team

The following is a list of Retina vulnerability audits for this July 2014 Patch Tuesday: MS14-037 – Cumulative Security Update for Internet Explorer (2975687) 34517 – Microsoft Internet Explorer Cumulative Security Update (2975687) MS14-038 – Vulnerability in Windows Journal Could Allow Remote Code Execution (2975689) 34518 – Microsoft Windows Journal (2975789) MS14-039 – Vulnerability in On-Screen Keyboard Could Allow…

July 2014 Patch Tuesday

Posted July 8, 2014    BeyondTrust Research Team

This July Microsoft has released six security bulletins which account for over 29 unique vulnerabilities. The most critical bulletins are MS14-037 (Internet Explorer), MS14-038 (Windows Journal) and MS14-040 (Windows AFD). MS14-037 starts things off with another massive Internet Explorer update on the heels of MS14-035 from last month. This new Internet Explorer bulletin covers over…

Retina Vulnerability Audits – June 2014 Patch Tuesday

Posted June 11, 2014    BeyondTrust Research Team

The following is a list of Retina vulnerability audits for this June 2014 Patch Tuesday.

June 2014 Patch Tuesday

Posted June 10, 2014    BeyondTrust Research Team

This June we are greeted with 7 different Microsoft Security bulletins for Patch Tuesday. MS14-030 covers a vulnerability within Remote Desktop that could allow for tampering with RDP session data. The sky is not falling here though as in order for an attacker to perform this tampering they need to already be on the same network…
