BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:

Posts Tagged ‘Microsoft’

patch-tuesday

Emergency Microsoft Internet Explorer Security Update MS15-09315

Posted August 18, 2015    BeyondTrust Research Team

Microsoft released an out-of-band patch to address a critical vulnerability that affects all versions Internet Explorer. It should be noted that Windows 10 is also affected due to its default installation of IE 11.

Tags:
,
Patch Tuesday MS15-078

August 2015 Patch Tuesday

Posted August 11, 2015    BeyondTrust Research Team

August brings with it another hefty Patch Tuesday containing 14 bulletins in total. As usual, Internet Explorer and Office patch their monthly dose of memory corruption vulnerabilities, while more atypical vulnerabilities present themselves in forms ranging from Cross-Site Scripting to command line parsing.

Tags:
,
Patch Tuesday MS15-078

Microsoft Patches a Critical Vulnerability in Adobe Type Manager Font Driver

Posted July 20, 2015    BeyondTrust Research Team

Today, Microsoft released the MS15-078 bulletin containing a patch for yet another flaw in the Adobe Type Manager Font Driver (atmfd.dll). This patch, coming just shy of a week after Microsoft’s monthly Patch Tuesday event, fixes a kernel pool overflow vulnerability (CVE-2015-2426), which can allow remote code execution with full system rights. The vulnerability lies…

Tags:
,
patch-tuesday

July 2015 Patch Tuesday

Posted July 14, 2015    BeyondTrust Research Team

July’s Patch Tuesday is a hefty one, clocking in with 14 bulletins, including the typical misfits – Internet Explorer and Office. Last month’s missing bulletin (MS15-058) is now included, patching important-rated vulnerabilities within SQL Server.

Tags:
,
patch-tuesday

June 2015 Patch Tuesday

Posted June 9, 2015    BeyondTrust Research Team

This month’s Patch Tuesday is a bit on the lighter side with only 8 bulletins. In total, 45 distinct vulnerabilities are addressed with over half belonging to Internet Explorer. At the time of release, Microsoft seemed to skip the MS15-058 bulletin, so we’ll be sure to keep an eye out for it.

Tags:
,
patch-tuesday

May 2015 Patch Tuesday

Posted May 13, 2015    BeyondTrust Research Team

This month’s Patch Tuesday is massive, to say the least, with a total of 13 bulletins, affecting many products and all versions of Windows. Earlier this month, Microsoft announced that the upcoming Windows 10 will not follow the typical Patch Tuesday cycle and updates will be provided when they become available.

Tags:
, ,
patch-tuesday

April 2015 Patch Tuesday

Posted April 14, 2015    BeyondTrust Research Team

Microsoft gave everyone a breather in this month’s Patch Tuesday, serving up fixes for a surprisingly modest 26 vulnerabilities. The fixes address various flaws including remote code execution, information disclosure, security feature bypass and cross-site scripting to name a few. Let’s dive right in: MS15-032 – Cumulative Security Update for Internet Explorer (3038314) IE makes…

Tags:
, ,
patch-tuesday

March 2015 Patch Tuesday

Posted March 10, 2015    BeyondTrust Research Team

Microsoft patched 44 CVEs across 14 bulletins this month, with vulnerabilities in Internet Explorer and Adobe Font Driver necessitating the bulk of those fixes. With so many bulletins, it was only natural that a wide variety of security flaws were found:  remote code execution, elevation of privilege, denial of service, information disclosure, cross-site scripting, spoofing and security feature bypass were all present and accounted…

Tags:
, ,
patch-tuesday

February 2015 Patch Tuesday

Posted February 10, 2015    BeyondTrust Research Team

Microsoft patched a fairly hefty 58 CVEs across 9 bulletins this month, with Internet Explorer taking the lion’s share of those fixes. Among the offending flaws are remote code execution, security bypass, elevation of privilege, and information disclosure vulnerabilities. MS15-009 fixes 41 assorted flaws in Internet Explorer including remote code execution, ASLR bypass, privilege elevation…

Tags:
, ,
patch-tuesday

January 2015 Patch Tuesday

Posted January 14, 2015    BeyondTrust Research Team

Starting off the new year, Microsoft directs its focus more toward user rights and access. For the majority of bulletins, an attacker would need some form of authentication prior to elevating their privileges. Aside from these, the most notable vulnerability lies within an old friend named Telnet, which even the newer versions of windows are…

Tags:
,