BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:

Posts Tagged ‘Microsoft’

Patch Tuesday MS15-078

November 2014 Patch Tuesday

Posted November 11, 2014    BeyondTrust Research Team

This month brings a massive number of bulletins and vulnerabilities covering a wide array of Microsoft products. As with most months some of the more critical vulnerabilities to patch immediately are within Internet Explorer and kernel privilege escalation vulnerabilities. There are also a lot of other unique vulnerabilities that will vary on criticality depending on…

Tags:
, , , ,
Patch Tuesday MS15-078

October 2014 Patch Tuesday

Posted October 14, 2014    BeyondTrust Research Team

This October Microsoft has released eight security bulletins that cover a variety of Windows technologies from client-application attacks that would be useful in drive-by web attacks to privilege escalation vulnerabilities useful as second stage payloads to elevate from a standard user to having increased Administrator privileges. We recommend patching MS14-056 (Internet Explorer) first and then…

Tags:
, , ,

On-Demand Webcast: The Little JPEG that Could (Hack Your Organization) with Marcus Murray

Posted September 10, 2014    Chris Burd

IT security has come a long way, but every once in a while you see something that makes you think otherwise. Every day, internal and external hackers breach and traverse “secure” environments, making you wonder just how easy it is for attackers to completely compromise your network. In a new on-demand BeyondTrust webcast, Marcus Murray,…

Tags:
, , , , ,
Patch Tuesday MS15-078

September 2014 Patch Tuesday

Posted September 9, 2014    BeyondTrust Research Team

This September Microsoft has released four security bulletins that cover a good level of Windows based attack surface. The two vulnerabilities that you should look to patch most immediately are MS14-052 (Internet Explorer) and MS14-054 (Windows Task Scheduler). Rounding things out you should get MS14-053 (.NET) done followed by MS14-055 (Lync) if applicable to your…

Tags:
, , ,
patch-tuesday

August 2014 Patch Tuesday

Posted August 12, 2014    BeyondTrust Research Team

This August Microsoft has released nine security bulletins which account for a whole variety of critical vulnerabilities. The most critical bulletins are MS14-051 (Internet Explorer), MS14-045 (Kernel-mode), and MS14-049 (Windows Installer). MS14-043 fixes a critical code execution vulnerability within Windows Media Center (people still use that?). The vulnerability itself is specifically within a COM object…

Tags:
, , ,
patch-tuesday

Retina Vulnerability Audits – June 2014 Patch Tuesday

Posted June 11, 2014    BeyondTrust Research Team

The following is a list of Retina vulnerability audits for this June 2014 Patch Tuesday.

Tags:
, , ,
Patch Tuesday MS15-078

June 2014 Patch Tuesday

Posted June 10, 2014    BeyondTrust Research Team

This June we are greeted with 7 different Microsoft Security bulletins for Patch Tuesday. MS14-030 covers a vulnerability within Remote Desktop that could allow for tampering with RDP session data. The sky is not falling here though as in order for an attacker to perform this tampering they need to already be on the same network…

Tags:
, , ,
pass-hash-img1

How to Stop Pass-the-Hash Attacks on Windows Desktops

Posted June 2, 2014    Morey Haber

The recent publication of attack techniques and the lack of preventative tools have forced enterprises to rely on ineffective techniques to mitigate this risk. Fortunately, by removing administrative rights from all users and leveraging a Windows privilege management solution like PowerBroker for Windows, you can mitigate this risk throughout your organisation. Some of these techniques…

Tags:
, , , , , , , , ,
patch-tuesday

May 2014 Patch Tuesday

Posted May 13, 2014    BeyondTrust Research Team

May’s Patch Tuesday contains eight bulletins addressing 13 issues, fixing Internet Explorer, SharePoint Server, Office, Group Policy Preferences, Windows, the .NET Framework, and iSCSI. MS14-022 fixes three vulnerabilities in Microsoft SharePoint Server, the worst of which could be used to execute arbitrary code on a targeted SharePoint server. The attacker would need to be authenticated…

Tags:
, , ,
patch-tuesday

April 2014 Patch Tuesday

Posted April 8, 2014    BeyondTrust Research Team

April’s Patch Tuesday brings four patches to us, fixing Microsoft Word, Internet Explorer, Windows file handling, and Microsoft Publisher. It also brings us the final patches for Windows XP and Office 2003. MS14-017 fixes a zero-day vulnerability, CVE-2014-1761, in Microsoft Word that has been exploited in the wild. The vulnerability has to do with handling…

Tags:
, , ,