BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:
chalk cliff in england-resized-600.jpg

Privilege Identity Management – A Help Desk Perspective

Posted October 12, 2012    Morey Haber

Help desk technicians within a company are the first line of defensive for a new project or system problem. Most of the time, they are informed and trained that users will be getting a new piece of security software. The solution, in this case, is called Privileged Identity Management (PIM) and is designed to manage authenticated permissions…

Categories:
Vulnerability Management
Tags:
, , , , , , , ,
img

PowerBroker for Windows – Solution Deployment

Posted October 11, 2012    Morey Haber

PowerBroker for Windows (PBW) is designed to integrate directly into your corporate Active Directory (AD) structure without modifying your existing schema. In the asset labeled “1” below, an administrator simply loads a Group Policy Option (GPO) snap-in onto an asset that uses the Microsoft Management Console (MMC).  The administrator can then create policies and rules…

Categories:
Vulnerability Management
Tags:
, , , , , , , ,
xnsoft

XnView JLS Heap Overflow

Disclosed October 4, 2012    Fully Patched
Vendors: XnSoft
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability:
Categories:
Zeroday Tracker
turbosoft

TurboFTP Server Buffer Overflow

Disclosed October 3, 2012    Fully Patched
Vendors: TurboSoft
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability:
Categories:
Zeroday Tracker
bestknownsecret-2

PowerBroker for Windows, Best Known Secrets – Collections

Posted October 1, 2012    Morey Haber

One of the best-known secrets about PowerBroker for Windows is the ability to logically group rules into Collections. This Best Practice allows you to organize rules based on almost any criteria and treat multiple rules as a single entity. This feature is most useful when: Rules require the same item-level targeting Organizing rules into physical…

Categories:
Vulnerability Management
Tags:
, , , , ,
weakcertificates-retina

Retina Helps Identify Weak Certificates

Posted September 25, 2012    Jerome Diggs

Microsoft has released a Security Advisory for the upcoming patch to increase minimum bit levels of certificates to 1024 bit security advisory 2661254.  The expected release date for this patch is Oct 9th at which time the update will be available through Windows Update. This change to the minimum bits level of certificates will change…

Categories:
Vulnerability Management
Tags:
, , , , ,
reuters

Security News Roundup | September 2012

Posted September 24, 2012    Sarah Lieber

September was an active month in terms of security commentary and news; ranging from an alleged Apple data hack to an IE 0day out-of-band patch release. Since I’m sure many of you are still catching up on the news, for your convenience I’ve included some of the more insightful September coverage below.

Categories:
Vulnerability Management
Tags:
, , ,

IE 0day Fixed in Out-of-Band Patch

Posted September 21, 2012    The eEye Research Team

Microsoft has released a patch to fix the IE 0day, CVE-2012-4969, along with four other privately reported CVEs that lead to remote code execution (CVE-2012-1529, CVE-2012-2546, CVE-2012-2548, and CVE-2012-2557). One interesting thing to note is that CVE-2012-2546 and CVE-2012-2548 only affect the most recent version of Internet Explorer, IE 9. The now-patched 0day, CVE-2012-4969, affects…

Categories:
Vulnerability Management
Tags:
, , , ,
android4_skate

How important is Android 4 to BYOD?

Posted September 19, 2012    Scott Ellis

Android 4 (so far dubbed Ice Cream Sandwich for 4.0.x or Jelly Bean for 4.1.x) is a significant upgrade to the user experience adding in many refinement and features.  For enterprises dealing with the Bring Your Own Device (BYOD) movement, some of these upgrades can be a double-edged sword.

Categories:
General
Tags:
, , , , , , ,
IE-0day

Mmm, Smells Like 0day

Posted September 17, 2012    BeyondTrust Research Team

Just when you thought we were out of the woods, Internet Explorer 0day shows up, in the wild. Here’s what you need to know about the vulnerability: Internet Explorer 6, 7, 8, and 9 are vulnerable (UPDATE: Out-of-band patch available now!) Use-after-free when the CMshtmlEd object is deleted and then the same area in memory…

Categories:
Vulnerability Management
Tags:
, , , , , ,