BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Filter:

Posts Tagged ‘Patch Tuesday’

patch-tuesday

December 2014 Patch Tuesday

Posted December 9, 2014    BeyondTrust Research Team

This month marks the final Patch Tuesday of 2014. Most of what is being patched this month includes Internet Explorer, Exchange, Office, etc… and continues a trend of the greatest hits collection of commonly attacked Microsoft software. Probably the one thing that broke the mold this month is that for once there is not some…

Tags:
,
Triggering MS14-066

Triggering MS14-066

Posted November 17, 2014    BeyondTrust Research Team

Microsoft addressed CVE-2014-6321 this Patch Tuesday, which has been hyped as the next Heartbleed.  This vulnerability (actually at least 2 vulnerabilities) promises remote code execution in applications that use the SChannel Security Service Provider, such as Microsoft Internet Information Services (IIS). The details have been scarce.  Lets fix that. Looking at the bindiff of schannel.dll, we see a…

Tags:
, , , , ,
patch-tuesday

November 2014 Patch Tuesday

Posted November 11, 2014    BeyondTrust Research Team

This month brings a massive number of bulletins and vulnerabilities covering a wide array of Microsoft products. As with most months some of the more critical vulnerabilities to patch immediately are within Internet Explorer and kernel privilege escalation vulnerabilities. There are also a lot of other unique vulnerabilities that will vary on criticality depending on…

Tags:
, , , ,
patch-tuesday

October 2014 Patch Tuesday

Posted October 14, 2014    BeyondTrust Research Team

This October Microsoft has released eight security bulletins that cover a variety of Windows technologies from client-application attacks that would be useful in drive-by web attacks to privilege escalation vulnerabilities useful as second stage payloads to elevate from a standard user to having increased Administrator privileges. We recommend patching MS14-056 (Internet Explorer) first and then…

Tags:
, , ,
patch-tuesday

September 2014 Patch Tuesday

Posted September 9, 2014    BeyondTrust Research Team

This September Microsoft has released four security bulletins that cover a good level of Windows based attack surface. The two vulnerabilities that you should look to patch most immediately are MS14-052 (Internet Explorer) and MS14-054 (Windows Task Scheduler). Rounding things out you should get MS14-053 (.NET) done followed by MS14-055 (Lync) if applicable to your…

Tags:
, , ,
patch-tuesday

August 2014 Patch Tuesday

Posted August 12, 2014    BeyondTrust Research Team

This August Microsoft has released nine security bulletins which account for a whole variety of critical vulnerabilities. The most critical bulletins are MS14-051 (Internet Explorer), MS14-045 (Kernel-mode), and MS14-049 (Windows Installer). MS14-043 fixes a critical code execution vulnerability within Windows Media Center (people still use that?). The vulnerability itself is specifically within a COM object…

Tags:
, , ,
patch-tuesday

July 2014 Patch Tuesday

Posted July 8, 2014    BeyondTrust Research Team

This July Microsoft has released six security bulletins which account for over 29 unique vulnerabilities. The most critical bulletins are MS14-037 (Internet Explorer), MS14-038 (Windows Journal)  and MS14-040 (Windows AFD). MS14-037 starts things off with another massive Internet Explorer update on the heels of MS14-035 from last month. This new Internet Explorer bulletin covers over…

Tags:
, ,
patch-tuesday

Retina Vulnerability Audits – June 2014 Patch Tuesday

Posted June 11, 2014    BeyondTrust Research Team

The following is a list of Retina vulnerability audits for this June 2014 Patch Tuesday.

Tags:
, , ,
patch-tuesday

June 2014 Patch Tuesday

Posted June 10, 2014    BeyondTrust Research Team

This June we are greeted with 7 different Microsoft Security bulletins for Patch Tuesday. MS14-030 covers a vulnerability within Remote Desktop that could allow for tampering with RDP session data. The sky is not falling here though as in order for an attacker to perform this tampering they need to already be on the same network…

Tags:
, , ,
patch-tuesday

May 2014 Patch Tuesday

Posted May 13, 2014    BeyondTrust Research Team

May’s Patch Tuesday contains eight bulletins addressing 13 issues, fixing Internet Explorer, SharePoint Server, Office, Group Policy Preferences, Windows, the .NET Framework, and iSCSI. MS14-022 fixes three vulnerabilities in Microsoft SharePoint Server, the worst of which could be used to execute arbitrary code on a targeted SharePoint server. The attacker would need to be authenticated…

Tags:
, , ,