BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:

Security Research

patch-tuesday

November 2013 Patch Tuesday

Posted November 12, 2013    BeyondTrust Research Team

November’s Patch Tuesday cycle brings us fixes for a variety of software including Internet Explorer, the Graphics Device Interface (GDI), Office, Hyper-V, Outlook, and others. There are a total of 8 patches, fixing 19 unique vulnerabilities; three bulletins are rated as critical and the other five are rated as important. If you’ve been following the…

Tags:
, ,
patch-tuesday

October 2013 Patch Tuesday: 10 Year Anniversary Edition

Posted October 8, 2013    BeyondTrust Research Team

Happy 10th birthday, Patch Tuesday! This month marks the 10th anniversary of the Patch Tuesday process we’re all familiar with. To kick off the anniversary celebrations, October’s patch Tuesday fixes vulnerabilities in Internet Explorer, the Windows Kernel, .NET, SharePoint, Office, and more. There are a total of 8 patches, fixing 26 unique vulnerabilities; four bulletins…

Tags:
, ,
LOLZ

Land of the Rising IE 0day

Posted September 17, 2013    BeyondTrust Research Team

A new Internet Explorer zeroday has surfaced that affects every supported version of Internet Explorer. It has been observed in the wild in targeted attacks in Japan. Current attacks are focusing on exploiting Internet Explorer 8 and 9 on Windows XP and 7 machines. This is a use-after-free vulnerability in mshtml.dll, which is a DLL…

Tags:
,
Bite apple2

ABCDKERNELPANIC: Unicode vs. Apple Inc.

Posted August 29, 2013    BeyondTrust Research Team

Yesterday, Russian researchers publicly disclosed the presence of a denial of service vulnerability affecting OS X 10.8 and iOS 6. OS X 10.9 Mavericks and iOS 7 are unaffected. So what’s the big deal with this particular denial of service vulnerability? It’s remotely exploitable and is trivial to trigger. Stringing together a series of Unicode characters, Arabic \u062E\u0337\u0334\u0310\u062E,…

Tags:
, , , , , , ,
patch-tuesday

August 2013 Patch Tuesday

Posted August 13, 2013    BeyondTrust Research Team

Just a little over one week after hackers flooded Vegas for BlackHat and Defcon, August’s Patch Tuesday greets us with eight bulletins: three critical and five important. Software fixed this month includes Internet Explorer, Exchange, Windows, and Active Directory. MS13-059 addresses 11 privately disclosed vulnerabilities, including multiple memory corruptions, an information disclosure, and a privilege…

Tags:
,
patch-tuesday

July 2013 Patch Tuesday

Posted July 9, 2013    BeyondTrust Research Team

July’s patch Tuesday fixes vulnerabilities in .NET, Windows, and Internet Explorer. There are a total of seven bulletins addressing 34 unique vulnerabilities; six bulletins are rated critical and one is rated important. MS13-052 addresses a TrueType font parsing vulnerability in .NET (CVE-2013-3129, also addressed in MS13-053 and MS13-054), as well as six other vulnerabilities. This…

Tags:
, ,

May 2013 Patch Tuesday

Posted May 14, 2013    BeyondTrust Research Team

In May’s Patch Tuesday, the fixes provided by Microsoft mostly target client-sided applications, along with a fix for a server-sided component. These 10 patches address 33 vulnerabilities in Internet Explorer (including the recent 0day), .NET, Lync, Publisher, Word, Visio, Windows Essentials, Kernel mode drivers, and the HTTP.sys component. Two patches were released this month for…

January 2013 Patch Tuesday: Patches, but none for the IE 0day!

Posted January 8, 2013    BeyondTrust Research Team

Happy New Year! Starting off 2013, we’ve got a critical vulnerability within the Windows Print Spooler, and we’re still seeing bugs surface in widely used software like MSXML, the .NET framework, and SSL/TLS. January’s Patch Tuesday greets us with seven patches, addressing 12 vulnerabilities across a spectrum of Microsoft software. Two of these bulletins are…

thumbnail

December 2012 Patch Tuesday: Oracle Outside In, TrueType, and more

Posted December 11, 2012    Carter Jones

December’s Patch Tuesday brings us a great collection of vulnerabilities, ranging from Oracle Outside In vulnerabilities within Exchange to TrueType vulnerabilities in every version of Windows. It seems like these are the vulnerabilities that just keep giving. Along with these, other bugs were squashed in Internet Explorer, Microsoft Word, Windows File Handling, DirectPlay, and IP-HTTPS….

img

Don’t say “Lockdown”!

Posted October 15, 2012    Peter McCalister

Here at BeyondTrust, we have been fortunate to be able to speak with thousands of security professionals in dozens of industries, and it is astonishing how differently organizations assess risk and approach computer security. Some organizations are very strict about security and are able to completely lock down desktops. Others are significantly more lax about…

Tags:
, ,