BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:
patch-tuesday

May 2014 Patch Tuesday

Posted May 13, 2014    BeyondTrust Research Team

May’s Patch Tuesday contains eight bulletins addressing 13 issues, fixing Internet Explorer, SharePoint Server, Office, Group Policy Preferences, Windows, the .NET Framework, and iSCSI. MS14-022 fixes three vulnerabilities in Microsoft SharePoint Server, the worst of which could be used to execute arbitrary code on a targeted SharePoint server. The attacker would need to be authenticated…

Categories:
Security Research
Tags:
, , ,
zeroday-default

CH Radyo 2 Cross-Site Scripting Vulnerability

Disclosed May 4, 2014    Zeroday : 137 days
Vendors: CH Radyo
Vulnerability Severity: Medium
Exploit Impact: Cross-Site Scripting
Exploit Availability: Publicly Available
Categories:
Zeroday Tracker
oracle-software-delivery-cloud

Accelerate and Simplify Deployment of PowerBroker Privilege Management Solutions with Oracle VM Templates

Posted May 1, 2014    Chris Burd

On April 17th, Oracle and BeyondTrust experts Doan Nguyen and Paul Harper shared how leveraging Oracle VM Templates can automate and simplify the deployment of the PowerBroker for UNIX & Linux privilege management solution across your IT environment. See below for an embedded, on-demand recording of the webcast. Oracle and BeyondTrust Team Up The partnership…

Categories:
General
Tags:
, , , , , ,
Cybozu

Cybozu Garoon API Security Bypass

Disclosed April 30, 2014    Zeroday : 141 days
Vendors: Cybozu
Vulnerability Severity: Medium
Exploit Impact: Security Bypass
Exploit Availability: No Exploit Available
Categories:
Zeroday Tracker

Internet Explorer 0day: CVE-2014-1776

Posted April 29, 2014    BeyondTrust Research Team

Over the weekend, on April 26, Microsoft released an advisory about an Internet Explorer use-after-free zeroday vulnerability, CVE-2014-1776, that is being exploited in the wild. The vulnerability lies within MSHTML.dll, and affects Internet Explorer 6 through 11. According to FireEye, attacks have been spotted in the wild targeting Internet Explorer 9 through 11. The observed…

Categories:
General
Tags:
, , , ,
microsoft

Internet Explorer Use-After-Free

Disclosed April 26, 2014    Fully Patched
Vendors: Microsoft
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability: Privately Available
Categories:
Zeroday Tracker
PBW-cricklewood sample RCS

Managing Rules the Easy Way with PowerBroker for Windows Collections

Posted April 25, 2014    Morey Haber

One of the least-known secrets about PowerBroker for Windows is the ability to create logical groups of rules, or “collections.” Rules automate the actions taken by PowerBroker to enforce system and application access policies on Windows servers and desktops. In addition to making it easy to manage rules, collections enable you to enforce parent rules…

Categories:
Privileged Account Management
Tags:
, , , , , , , ,

April VEF Participant Wins a Apple iPad mini

Posted April 24, 2014    Qui Cao

Every month we host our Vulnerability Expert Forum (VEF) webinar. This is a time where our experts share valuable insight regarding new vulnerabilities that are discovered and the actions that need to be taken as a result. It’s a quick way to get up to speed on current potential risks to your organization and a way to…

Categories:
Vulnerability Management
cfos

cFos 3.09 Denial of Service

Disclosed April 24, 2014    Zeroday : 147 days
Vendors: cFos
Vulnerability Severity: Medium
Exploit Impact: Denial of Service
Exploit Availability: Publicly Available
Categories:
Zeroday Tracker
smart rules manager for vulnerabilities - v2

A New Way of Looking at Vulnerabilities in Your Environment

Posted April 23, 2014    Morey Haber

Assets, users, vulnerabilities and exploits; all are common themes in my posts on BeyondInsight. With BeyondInsight v5.1, we unveiled a new way to view exploitable assets. Sure, most vulnerability management solutions link vulnerability data to exploit information, allowing tools like NeXpose and QualysGuard to list an asset, its vulnerabilities, and any related exploits. BeyondInsight does…

Categories:
Vulnerability Management
Tags:
, , , , ,