BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:

Security Research

patch-tuesday

March 2014 Patch Tuesday

Posted March 11, 2014    BeyondTrust Research Team

March’s Patch Tuesday brings five patches to us, fixing Internet Explorer, DirectShow, Silverlight, kernel-mode drivers, and the Security Account Manager Remote Protocol. MS14-012 fixes 18 unique vulnerabilities, one of which has been publicly disclosed: CVE-2014-0322. This vulnerability has been exploited as early as January 20, 2014, being used in targeted attacks against visitors to the…

Tags:
, , ,
patch-tuesday

January 2014 Patch Tuesday

Posted January 14, 2014    BeyondTrust Research Team

Welcome to 2014! This month is a light month for Patch Tuesday bulletins. Microsoft has released patches for Microsoft Word and Office Web Apps, the Windows Kernel (and drivers), and Microsoft Dynamics AX. There are a total of four bulletins addressing six unique vulnerabilities; all of which are rated as important. The NDProxy zero-day vulnerability…

Tags:
, , ,
patch-tuesday

December 2013 Patch Tuesday

Posted December 10, 2013    BeyondTrust Research Team

December’s Patch Tuesday finishes up the year with patches for Internet Explorer, Office, SharePoint, Windows, and more. There are a total of 11 bulletins addressing 24 unique vulnerabilities; five bulletins are rated as critical and the other six are rated as important. The zero-day vulnerability released just before last month’s Patch Tuesday is finally receiving…

Tags:
, , ,
patch-tuesday

November 2013 Patch Tuesday

Posted November 12, 2013    BeyondTrust Research Team

November’s Patch Tuesday cycle brings us fixes for a variety of software including Internet Explorer, the Graphics Device Interface (GDI), Office, Hyper-V, Outlook, and others. There are a total of 8 patches, fixing 19 unique vulnerabilities; three bulletins are rated as critical and the other five are rated as important. If you’ve been following the…

Tags:
, ,
patch-tuesday

October 2013 Patch Tuesday: 10 Year Anniversary Edition

Posted October 8, 2013    BeyondTrust Research Team

Happy 10th birthday, Patch Tuesday! This month marks the 10th anniversary of the Patch Tuesday process we’re all familiar with. To kick off the anniversary celebrations, October’s patch Tuesday fixes vulnerabilities in Internet Explorer, the Windows Kernel, .NET, SharePoint, Office, and more. There are a total of 8 patches, fixing 26 unique vulnerabilities; four bulletins…

Tags:
, ,
LOLZ

Land of the Rising IE 0day

Posted September 17, 2013    BeyondTrust Research Team

A new Internet Explorer zeroday has surfaced that affects every supported version of Internet Explorer. It has been observed in the wild in targeted attacks in Japan. Current attacks are focusing on exploiting Internet Explorer 8 and 9 on Windows XP and 7 machines. This is a use-after-free vulnerability in mshtml.dll, which is a DLL…

Tags:
,
Bite apple2

ABCDKERNELPANIC: Unicode vs. Apple Inc.

Posted August 29, 2013    BeyondTrust Research Team

Yesterday, Russian researchers publicly disclosed the presence of a denial of service vulnerability affecting OS X 10.8 and iOS 6. OS X 10.9 Mavericks and iOS 7 are unaffected. So what’s the big deal with this particular denial of service vulnerability? It’s remotely exploitable and is trivial to trigger. Stringing together a series of Unicode characters, Arabic \u062E\u0337\u0334\u0310\u062E,…

Tags:
, , , , , , ,
patch-tuesday

August 2013 Patch Tuesday

Posted August 13, 2013    BeyondTrust Research Team

Just a little over one week after hackers flooded Vegas for BlackHat and Defcon, August’s Patch Tuesday greets us with eight bulletins: three critical and five important. Software fixed this month includes Internet Explorer, Exchange, Windows, and Active Directory. MS13-059 addresses 11 privately disclosed vulnerabilities, including multiple memory corruptions, an information disclosure, and a privilege…

Tags:
,
patch-tuesday

July 2013 Patch Tuesday

Posted July 9, 2013    BeyondTrust Research Team

July’s patch Tuesday fixes vulnerabilities in .NET, Windows, and Internet Explorer. There are a total of seven bulletins addressing 34 unique vulnerabilities; six bulletins are rated critical and one is rated important. MS13-052 addresses a TrueType font parsing vulnerability in .NET (CVE-2013-3129, also addressed in MS13-053 and MS13-054), as well as six other vulnerabilities. This…

Tags:
, ,

May 2013 Patch Tuesday

Posted May 14, 2013    BeyondTrust Research Team

In May’s Patch Tuesday, the fixes provided by Microsoft mostly target client-sided applications, along with a fix for a server-sided component. These 10 patches address 33 vulnerabilities in Internet Explorer (including the recent 0day), .NET, Lync, Publisher, Word, Visio, Windows Essentials, Kernel mode drivers, and the HTTP.sys component. Two patches were released this month for…