BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Microsoft Patch Tuesday – February 2011

Posted February 8, 2011    Chris Silva

Microsoft is back at it with a fairly large release today, including 12 security bulletins which patch a total of 22 vulnerabilities. Six of the bulletins address zero-day vulnerabilities (MS11-003, MS11-004, MS11-005, MS11-006, MS11-011, and MS11-013) including two (MS11-003, MS11-006) that have public exploit code circulating. MS11-013 (Kerberos) is most likely similar to vulnerabilities that…

Categories:
Security Research

Wikileaks Could be You Without Privilege Identity Management

Posted February 8, 2011    Peter McCalister

Those that follow this blog have probably seen us write on Wikileaks before. We covered it here and eWeek invited us to cover the topic for their knowledge center here. Our message is that Wikileaks isn’t just for government or military organizations. Half of the leaked information on Wikileaks is on private organizations and Julian has suggested that corporations are next on the chopping block.

Categories:
General

eEye for the Win

Posted February 7, 2011    Marc Maiffret

At the start of every year employees of eEye gather for our yearly company kick-off. We discuss what we did right in the previous year and ways that we can improve in this New Year. We talk about our product roadmap and the sales and marketing strategies for the year. We also answer the question that is probably more important than anything: “What type of company do we want to be?”

Categories:
General

An Apple (Compliance) a Day Keeps the Doctor (Auditors) Away

Posted February 7, 2011    Peter McCalister

There’s an old wives’ tale that explains “an apple a day keeps the doctor away.” While this advice may not always be the case in the medical industry, it is absolutely accurate when it comes to the world of IT compliance. When you regularly incorporate apples (compliance) into your daily enterprise diet, the doctors (auditors) that come won’t find ailments that need to be fixed.

Categories:
Privileged Account Management

Microsoft Office Excel 2003 Invalid Object Type Remote Code Execution

Disclosed February 7, 2011    No Patch Available
Vendors: Microsoft
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability:
Categories:
Zeroday Tracker

Microsoft Office Excel Office Art Object Parsing Remote Code Execution

Disclosed February 7, 2011    Fully Patched
Vendors: Microsoft
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability:
Categories:
Zeroday Tracker

Microsoft Office Excel Axis Properties Record Parsing Remote Code Execution

Disclosed February 7, 2011    Fully Patched
Vendors: Microsoft
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability:
Categories:
Zeroday Tracker

Microsoft Excel 2007 Office Drawing Layer Remote Code Execution

Disclosed February 7, 2011    Fully Patched
Vendors: Microsoft
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability:
Categories:
Zeroday Tracker

Microsoft PowerPoint 2007 OfficeArt Atom Remote Code Execution

Disclosed February 7, 2011    Fully Patched
Vendors: Microsoft
Vulnerability Severity: High
Exploit Impact: Remote Code Execution
Exploit Availability:
Categories:
Zeroday Tracker

Cutting Pay? Think Least Privilege First

Posted February 4, 2011    Peter McCalister

There was a big story in Network World about an IT staffer who sold his own company pirated software, used corporate servers for his own purposes and even downloaded credit card information.

Categories:
Privileged Account Management