BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:
apple

iOS 7 Lock Screen Bypass

Disclosed September 19, 2013    Fully Patched
Vendors: Apple
Vulnerability Severity: Medium
Exploit Impact: Information Disclosure
Exploit Availability:
Categories:
Zeroday Tracker
cisco

Cisco AnyConnect Secure Mobility Client Local Privilege Escalation

Disclosed September 19, 2013    Zeroday : 455 days
Vendors: Cisco
Vulnerability Severity: Medium
Exploit Impact: Insecure Library Loading
Exploit Availability: Publicly Available
Categories:
Zeroday Tracker
LOLZ

Land of the Rising IE 0day

Posted September 17, 2013    BeyondTrust Research Team

A new Internet Explorer zeroday has surfaced that affects every supported version of Internet Explorer. It has been observed in the wild in targeted attacks in Japan. Current attacks are focusing on exploiting Internet Explorer 8 and 9 on Windows XP and 7 machines. This is a use-after-free vulnerability in mshtml.dll, which is a DLL…

Categories:
Security Research
Tags:
,
microsoft

IE 8/9 mshtml.dll NULL_IMPORT_DESCRIPTOR Use After Free

Disclosed September 17, 2013    Fully Patched, Workaround Available
Vendors: Microsoft
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability: Publicly Available
Categories:
Zeroday Tracker
proftpd

ProFTPd Denial of Service

Disclosed September 11, 2013    Zeroday : 463 days
Vendors: ProFTPd
Vulnerability Severity: Medium
Exploit Impact: Denial of Service
Exploit Availability: No Exploit Available
Categories:
Zeroday Tracker
patch-tuesday

September 2013 Patch Tuesday

Posted September 10, 2013    BeyondTrust Research Team

September’s Patch Tuesday fixes vulnerabilities in SharePoint, Outlook, Word, Excel, Kernel drivers, and more. There are a total of 13 patches, fixing 47 unique CVEs; four bulletins are rated critical and nine bulletins are rated important. MS13-067 addresses ten vulnerabilities in SharePoint server, including versions 2003, 2007, 2010, and 2013, along with Office Web Apps…

Categories:
Vulnerability Management
Tags:
,
allplayer

ALLPlayer Buffer Overflow Vulnerability

Disclosed September 10, 2013    Zeroday : 464 days
Vendors: ALLPlayer
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability: No Exploit Available
Categories:
Zeroday Tracker
dlink

D-Link DSL-2740B Router Cross-Site Request Forgery

Disclosed September 8, 2013    Fully Patched
Vendors: D-Link
Vulnerability Severity: Low
Exploit Impact: Cross-Site Request Forgery
Exploit Availability: Publicly Available
Categories:
Zeroday Tracker
CNN-Syria-Maiffret

Marc Maiffret Interviewed on CNN: the ‘hacking war’ between the US and Syria

Posted September 4, 2013    Mike Yaffe

Last week CNN broadcast an investigative story about a potential ‘hacking war’ between the US and Syria, in light of possible US military strikes on Syria.  They wanted to know more about the ‘Syrian Electronic Army’, which shut down the NY Times website last week.  So the CNN team called on Marc to help explain…

Categories:
General
Tags:
, , , , , , ,
cisco

Cisco Global Site Selector Cross-Site Request Forgery

Disclosed September 4, 2013    Zeroday : 470 days
Vendors: Cisco
Vulnerability Severity: Medium
Exploit Impact: Cross-Site Request Forgery
Exploit Availability: No Exploit Available
Categories:
Zeroday Tracker