BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:
microsoft

Windows Kernel Privilege Elevation Vulnerability

Disclosed May 15, 2013    Fully Patched
Vendors: Microsoft
Vulnerability Severity: High
Exploit Impact: Elevation of Privilege
Exploit Availability:
Categories:
Zeroday Tracker

May 2013 Patch Tuesday

Posted May 14, 2013    BeyondTrust Research Team

In May’s Patch Tuesday, the fixes provided by Microsoft mostly target client-sided applications, along with a fix for a server-sided component. These 10 patches address 33 vulnerabilities in Internet Explorer (including the recent 0day), .NET, Lync, Publisher, Word, Visio, Windows Essentials, Kernel mode drivers, and the HTTP.sys component. Two patches were released this month for…

Categories:
Security Research
novell

Novell Client Local Elevation of Privilege Vulnerability

Disclosed May 10, 2013    Fully Patched
Vendors: Novell
Vulnerability Severity: Medium
Exploit Impact: Elevation of Privilege
Exploit Availability:
Categories:
Zeroday Tracker
RNSS-Video-Screenshot

Data Discovery using the Retina Network Security Scanner

Posted May 9, 2013    Morey Haber

One of the challenges facing every organization is locating where Personally Identifiable Information (PII) resides on workstations and servers. This data, by nature, is sensitive. However, if this data is not properly being tracked, secured, or even encrypted it can result in data loss. This type of data loss can result in a violation of…

Categories:
Vulnerability Management
Tags:
, , , , , ,
Virtual Insecurity Infographic FINAL

Virtual Insecurity, and Ways to Combat It

Posted May 8, 2013    Mike Puterbaugh

Stating the obvious, our customers continue to make investments in virtualization. To support them, BeyondTrust has always been on the leading edge of providing tools and solutions in that regard. Whether it for managing privileges on virtual hosts, or scanning private cloud assets for flaws, BeyondTrust has always been at the forefront of security and…

Categories:
General
Tags:
, , ,
adobe

Adobe ColdFusion Arbitrary File Read Vulnerability

Disclosed May 8, 2013    Fully Patched
Vendors: Adobe
Vulnerability Severity: Medium
Exploit Impact:
Exploit Availability:
Categories:
Zeroday Tracker
ibm

IBM Notes PNG Integer Overflow

Disclosed May 7, 2013    Fully Patched
Vendors: IBM
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability:
Categories:
Zeroday Tracker
IE-0day

Internet Explorer 8 0day

Posted May 6, 2013    BeyondTrust Research Team

Last week, news broke that the U.S. Department of Labor’s (DoL) website was compromised… and that it had been serving up Internet Explorer 0day to its visitors. This 0day, CVE-2013-1347 (Retina Audit 19041 – Microsoft Internet Explorer 8 Remote Code Execution Vulnerability (Zero-Day)), only affects Internet Explorer 8 on Windows XP, Vista, and Windows 7 (as well as Server 2003,…

Categories:
Privileged Account Management
Tags:
, , , , , ,
joomla

Joomla! ‘se_regs[]’ Parameter SQL Injection

Disclosed May 6, 2013    Fully Patched
Vendors: Joomla! DJ Classifieds Extension
Vulnerability Severity: Medium
Exploit Impact:
Exploit Availability:
Categories:
Zeroday Tracker
belkin

(Belkin) Cisco Linksys E4200 Router Multiple Vulnerabilities

Disclosed May 6, 2013    No Patch Available
Vendors: Belkin (Linksys)
Vulnerability Severity: Medium
Exploit Impact: Elevation of Privilege
Exploit Availability:
Categories:
Zeroday Tracker