Adobe Flash Player Emergency Patch, (Tue, Feb 4th)

SANS Internet Storm Center, Security Alerts
Feb 04 2014

Adobe today released an emergency patch for a vulnerability that is currently actively exploited. The patch addresses CVE-2014-0497. [1]

The vulnerability affects all of Windows, OS X and Linux. For Windows/OS X, the current version is now 12.0.0.44, and for Linux 11.2.202.336. Google Chrome users need to update Google Chrome to fix the included version of Flash, as do users of Internet Explorer 10 and 11. [2]

[1] http://helpx.adobe.com/security/products/flash-player/apsb14-04.html
[2] http://technet.microsoft.com/en-us/security/advisory/2755801

——
Johannes B. Ullrich, Ph.D.
SANS Technology Institute

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Threat Level Yellow: See FireEye’s writeup re: CVE-2013-3893 http://bit.ly/16xQe8Z, (Sat, Sep 21st)

SANS Internet Storm Center, Security Alerts
Sep 21 2013

MS13-055 – Critical : Cumulative Security Update for Internet Explorer (2846071) – Version: 1.3

Microsoft Security Bulletins
Sep 05 2013

Severity Rating: Critical
Revision Note: V1.3 (September 5, 2013): Added CVE-2013-3846 as a vulnerability addressed by this update. This is an informational change only.
Summary: This security update resolves eighteen privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Multiple Cisco Security Notice, (Mon, Sep 2nd)

SANS Internet Storm Center, Security Alerts
Sep 02 2013

"Cisco Adaptive Security Appliance (ASA) Software contains a vulnerability that could allow an unauthenticated, remote attacker to fill the connection table in the ASA preventing new connections to be established through the device."[1]
"A vulnerability in the memory management when executing either the show monitor session all or show monitor session command-line interface (CLI) commands on the Cisco Unified Computing System (UCS) 6100 Series Fabric Interconnects could allow an authenticated, local attacker to trigger a memory leak."[2]
"A vulnerability in the Routing Information Protocol (RIP) process of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the RIP process to crash."[3]
"A vulnerability in Web Administrator Interface of Cisco Wireless LAN Controllers (WLC) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition."[4]

[1] http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3463
[2] http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3467
[3] http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3470
[4] http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3474

———–

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu
