Vulnerabilities | Eat It Or Wear It

May 2024
S	M	T	W	T	F	S
	1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	31

Tuesday Fun With Microsoft

Posted on December 13, 2011 by Killian Bundy

The new patches are here, the new patches are here!

Microsoft Patches 17 Bugs in December Patch Tuesday

Microsoft fixed 17 bugs in the Windows operating system, Microsoft Office, Windows Media Player and Internet Explorer. The fixes also cover a zero-day flaw exploited by the Duqu Trojan.

Microsoft released 13 security bulletins to fix 17 different vulnerabilities as part of its December Patch Tuesday update, according to the advisory released Dec. 8. Three bulletins were marked critical and the remaining 10 were rated important.

Well, it’s a good thing that Microsoft finally patched against the Duqu virus, better late than never, as they say. What are you waiting for? Start installing your gifts!

/at least you can’t say Microsoft didn’t get you anything for the Holidays

Filed under: Blog Entry | Tagged: According, Advisory, BEAST, Browser Exploit Against SSL/TLS, Bugs, Bulletins, Critical, Different, Duqu, Duqu Trojan, Duqu Virus, Exploited, Fixed, Flaw, IE, Important, Internet Explorer, Marked, Media Player, Microsoft, Microsoft Office, Microsoft Patch Tuesday, Office, Operating, Operating System, Patch, Patch Tuesday, Patches, Rated, Released, Security, Security Bulletins, System, Trojan, Tuesday, Update, Virus, Vulnerabilities, Windows, Windows Media Player, Windows Operating System, Zero-Day, Zero-Day Flaw | Leave a comment »

Tuesday Fun With Microsoft

Posted on October 11, 2011 by Killian Bundy

Windows, the software of perpetual patching. This installment is fairly large.

Microsoft Fixes Internet Explorer, Windows Flaws in October Patch Tuesday

Microsoft fixed 23 vulnerabilities across eight security bulletins as part of its October Patch Tuesday release.

October’s Patch Tuesday release resolved issues in Internet Explorer versions 6 through 9, all versions of Microsoft Windows from XP through 7, .NET and Silverlight, Microsoft Forefront Unified Access Gateway and Host Integration Server, Microsoft said Oct. 11. Two of the patches are rated “critical,” and six are rated “important,” Microsoft said.

So, get busy and happy patching!

/until the next time Microsoft releases patches to make its software suck less . . .

Filed under: Blog Entry | Tagged: .NET, Bulletins, Fixes, Flaws, Host Integration Server, IE6, IE7, IE8, IE9, Important, Internet Explorer, Issues, Microsoft, Microsoft Forefront Unified Access Gateway, Microsoft Patch Tuesday, Microsoft Update, MS11-075, MS11-076, MS11-077, MS11-078, MS11-079, MS11-080, MS11-081, MS11-082, Patch, Patch Tuesday, Patches, Patching, Rated, Release, Security, Security Bulletins, Silverlight, Software, Vulnerabilities, Windows, Windows 7, Windows Vista, Windows XP | Leave a comment »

Do The Microsoft Patch Dance

Posted on August 9, 2011 by Killian Bundy

The dance that never ends.

Microsoft Patch

Microsoft released 13 security bulletins, patching 22 vulnerabilities across its product line, including two critical updates affecting Internet Explorer and the Windows DNS Server.

While Microsoft issued fewer updates this month, August was still marked as a busy month for system administrators. Adobe Systems Inc., which issues fixes on a quarterly cycle, issued a critical security update late Tuesday, repairing seven flaws in its Shockwave Player, more than a dozen holes in its Flash Player and an error in its Flash Media Server.

Microsoft addressed seven vulnerabilities in Internet Explorer including two zero-day flaws. According to MS11-057, Microsoft said an attacker who successfully exploited any of the vulnerabilities could gain the same user rights as the local user. Microsoft said the most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer

. . .

Another noteworthy bulletin is MS11-065, which resolves a vulnerability in the Remote Desktop Protocol. Although the security bulletin is rated important for users of Windows Server 2003, Miller said Microsoft has seen attacks targeting the flaw in the wild. The flaw can be targeted if an attacker sends a malicious remote desktop protocol connection request to the victim’s computer which could cause the system to crash.

Get busy downloading.

/so, until the next Patch Tuesday . . .

Filed under: Blog Entry | Tagged: Addressed, Adobe Systems, Attacker, Attacks, Bulletin, Cause, Computer, Crash, Critical, Critical Security Update, Critical Updates, Exploited, Fixes, Flash Media Server, Flash Player, Flaw, Holes, Important, Internet Explorer, Local User, Malicious Remote Desktop Protocol Connection Request, Microsoft, Microsoft Patch Tuesday, MS11-057, MS11-065, Patch, Product Line, Quarterly Cycle, Rated, Remote Code Execution, Remote Desktop Protocol, Resolves, Security, Security Bulletin, Security Update, Shockwave Player, Specially Crafted, Specially Crafted Web Page, Successfully Exploited, System, System Administrators, Targeting, Update, User Rights, Users, Victim, Views, Vulnerabilities, Vulnerability, Web Page, Windows, Windows DNS Server, Windows Server 2003, Zero-Day Flaws | Leave a comment »

Tuesday Is The Time At Microsoft When We Patch

Posted on July 12, 2011 by Killian Bundy

It’s a relatively small one this time, but critical.

Microsoft Fixes 22 Bugs in July Patch Tuesday

Microsoft addressed 22 security vulnerabilities across four security bulletins in July’s Patch Tuesday update. Three of the patches fix issues in the Windows operating system.

The four bulletins patched issues in all versions of the Windows operating system and in Microsoft Visio 2003 Service Pack 3, Microsoft said in its Patch Tuesday advisory, released July 12. Of the patches, only one has been rated “critical.” The remaining three are rated “important,” according to Microsoft.

“Today’s Patch Tuesday, though light, should not be ignored, as these patches address vulnerabilities that allow attackers to remotely execute arbitrary code on systems and use privilege escalation exploits,” said Dave Marcus, director of security research and communications at McAfee Labs.

Security experts ranked Microsoft bulletin MS11-053, which addressed a critical vulnerability in the Windows Bluetooth stack on Windows Vista and Windows 7, as the highest priority. Attackers could exploit the vulnerability by crafting and sending specially crafted Bluetooth packets to the target system to remotely take control, Microsoft said in its bulletin advisory.

This isn’t the first time you’ve had to update Windows, you know what to do, so get busy.

/until next time, same patch time, same patch channel

Filed under: Blog Entry | Tagged: Address, Addressed, Advisory, All Versions, Allow, Arbitrary, Arbitrary Code, Attackers, Bluetooth Packets, Bluetooth Stack, Bugs, Bulletin, Bulletin Advisory, Code, Communications, Control, Crafting, Critical, Critical Vulnerability, Dave Marcus, Director, Director Of Security Research And Communications, Escalation, Execute, Experts, Exploit, Exploits, Highest Priority, Important, Issues, McAfee, McAfee Labs, Microsoft, Microsoft Patch Tuesday, Microsoft Visio 2003, Microsoft Visio 2003 Service Pack 3, MS11-053, Operating System, Patch, Patch Tuesday, Patch Tuesday Advisory, Patched, Patches, Privilege, Privilege Escalation Exploits, Rated, Released, Remotely, Remotely Execute, Remotely Execute Arbitrary Code, Remotely Take Control, Security, Security Bulletin, Security Experts, Security Research, Security Vulnerabilities, Sending, Service Pack 3, Specially Crafted, Specially Crafted Bluetooth Packets, System, Systems, Target, Target System, Tuesday, Versions, Vulnerabilities, Vulnerability, Windows, Windows 7, Windows Bluetooth Stack, Windows Operating System, Windows Vista | Leave a comment »

Aid And Comfort To The Enemy

Posted on June 20, 2011 by Killian Bundy

Let’s see, China launches cyberattacks and conducts internet espionage against the United States 24/7/365 and our U.S. Department of Homeland Security is warning China about their vulnerabilities? WTF?

China’s Infrastructure Vulnerable to Cyber Attack

Software widely used in China to help run weapons systems, utilities and chemical plants has bugs that hackers could exploit to damage public infrastructure, according to the Department of Homeland Security.

The department issued an advisory on Thursday warning of vulnerabilities in software applications from Beijing-based Sunway ForceControl Technology Co that hackers could exploit to launch attacks on critical infrastructure.

China is not our friend, why are we feeding the hand that bites us? Why aren’t we keeping these discovered Chinese vulnerabilities to ourselves in case we might actually need to use them in the event of escalated hostilities with China?

/and just when did the DHS become the CDHS, Chinese Department of Homeland Security, protecting the homeland of a hostile country?

Filed under: Blog Entry | Tagged: Advisory, Attacks, Beijing, Beijing-Based, Bugs, Chemical Plants, China, Critical Infrastructure, Cyber-Attack, Cyberattacks, Damage, Department, Department Of Homeland Security, DHS, Dillon Beresford, Espionage, Exploit, Hackers, ICS-CERT, Industrial Control Software, Infrastructure, Internet, Issued, Launch Attacks, Public Infrastructure, SCADA, SCADA Vulnerabilities, Software, Software Applications, Stuxnet, Sunway ForceControl Technology Co, Supervisory Control And Data Acquisition, U.S. Industrial Control Systems Cyber Emergency Response Team, United States, Utilities, Vulnerabilities, Vulnerable, Warning, Weapons Systems, Widely Used, WTF | 1 Comment »

Hackers With A Death Wish

Posted on June 15, 2011 by Killian Bundy

It’s probably not a good idea to taunt the folks who tracked down Osama bin Laden and specialize in covert, extrajudicial killings.

CIA Web site hacked; group LulzSec takes credit

The hacker group LulzSec claimed credit Wednesday for taking down the CIA’s Web site for a couple of hours, the latest in a string of embarrassing Web site disruptions the group has pulled off — apparently more to poke fun and highlight vulnerabilities than to cause real damage.

At 5:48 p.m., LulzSec, which dubs itself “the world’s leaders in high-quality entertainment at your expense,” posted an alert on Twitter: “Tango down — cia.gov — for the lulz.”

The site was back up by 8 p.m.

Apparently, LulzSec stages these attacks for giggles, laughs, and bragging rights, which is all fun and games until they bite off more than they can chew by hitting an entity with unlimited resources and more hacking talent than they have, and then suddenly it won’t be so funny anymore. Maybe LulzSec already has and they just don’t know it yet.

/as Jim Croce warned, you don’t tug on Superman’s cape, you don’t spit into the wind . . .

Filed under: Blog Entry | Tagged: Alert, Cause, Central Intelligence Agency, CIA, CIA Website, Cia.gov, Claimed Credit, Covert, Disruptions, Dubs Itself, Embarrassing, Extrajudicial Killings, Hacked, Hacker Group, Hackers, Highlight, Highlight Vulnerabilities, Lulz, LulzSec, Poke Fun, Posted, Pulled Off, Real Damage, Site, Takes Credit, Taking Down, Tango Down, The World’s Leaders In High-Quality Entertainment At Your Expense, Twitter, Vulnerabilities, Web Site, Web Site Disruptions, Website | Leave a comment »

Tuesday Fun With Microsoft

Posted on June 14, 2011 by Killian Bundy

It’s another big one and the flaws are serious.

Microsoft Fixes 24 Bugs in June Patch Tuesday

Microsoft addressed 24 security vulnerabilities across 16 security bulletins in June’s Patch Tuesday update. This will be Microsoft’s second-largest Patch Tuesday in 2011 after April’s gargantuan release.

Microsoft patched the Windows operating system, all supported versions of Internet Explorer, Microsoft Office, SQL Server, Forefront, .NET/Silverlight, Active Directory and Hyper-V, the company said in its Patch Tuesday advisory released June 14. Of the patches, nine have been rated as “critical,” and seven have been ranked as important, according to Microsoft.

Microsoft called out four critical updates as top priorities on the Microsoft Security Response Center blog. They include a fix for all versions of the SMB Client on Windows (MS11-043), 11 bugs in all versions of Internet Explorer (MS11-050), another Windows flaw (MS11-052) and two issues in the DFS client for all versions of Windows (MS11-042), according to Trustworthy Computing’s Angela Gunn.

Damn, if Windows was a car that had been “repaired” this many times, it wouldn’t have any original parts left.

/anyway, get busy with the updating, don’t let the bad guys in, at least until they find new holes in Widows that Microsoft will have to patch next month

Filed under: Blog Entry | Tagged: .NET, .NET/Silverlight, Active Directory, Addressed, Advisory, Angela Gunn, Bugs, Critical, Critical Updates, DFS Client, Fix, Fixes, Flaw, Forefront, Gargantuan Release, Hyper-V, Important, Internet Explorer, Issues, Microsoft, Microsoft Office, Microsoft Patch Tuesday, Microsoft Security Response Center, Microsoft Security Response Center Blog, MS11-042, MS11-043, MS11-050, MS11-052, Operating System, Patch, Patch Tuesday, Patched, Patches, Second-Largest, Security, Security Vulnerabilities, Silverlight, SMB Client, SQL Server, Supported Versions, Top Priorities, Trustworthy Computing, Updates, Versions, Vulnerabilities, Windows, Windows Flaw, Windows Operating System | Leave a comment »

It’s Tuesday, Time To Download Microsoft Patches

Posted on April 12, 2011 by Killian Bundy

And this Tuesday, there’s an extra big heapin’ helpin’ of downloadin’ fun!

Microsoft Issues Huge Patch Tuesday Fix for Windows, IE

Microsoft today released a batch of 17 security updates for a Patch Tuesday that cover 64 vulnerabilities in Microsoft Windows, Office, Internet Explorer, Visual Studio, .NET Framework and GDI+.

Nine of the bugs are rated critical, while eight are important. One of the “important” bulletins includes 30 vulnerabilities in one bug, MS11-034, and they all share the same couple of root causes, Microsoft said.

Microsoft identified three vulnerabilities as its top priority bulletins for the month: MS11-020, which resolves a problem with Windows that could allow remote code execution if an attacker created a specially crafted SMB packet and sent the packet to an affected system; MS11-019, another Windows bug that could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request; and MS11-018, which could allow remote code execution if a user views a specially crafted Web page using Internet Explorer.

It’s another record! Will Windows software ever be fully patched?

/probably not, so see ya next time, and have a good time downloading, this one takes quite a while!

Filed under: Blog Entry | Tagged: .NET Framework, Affected System, Attacker, Batch, Bug, Bugs, Client-Initiated SMB Request, Critical, GDI+., Huge, Identified, IE, Important, Internet Explorer, Microsoft, Microsoft Office, Microsoft Patch Tuesday, Microsoft Windows, MS11-018, MS11-019, MS11-020, MS11-034, Office, Patch, Patch Tuesday, Problem, Remote Code Execution, Root Causes, Security Bulletin, Security Updates, SMB Packet, SMB Request, SMB Response, Specially Crafted, Top Priority Bulletins, Visual Studio, Vulnerabilities, Web Page, Windows, Windows Bug | Leave a comment »

Who Wants To Fly The Space Shuttle?

Posted on March 28, 2011 by Killian Bundy

Apparently, all you need are some computer hacking skills. Unreal, how many years now has computer network cybersecurity been a known issue?

NASA Computer Servers Insecure, Open to ‘Catastrophic’ Attack

Computer servers on NASA’s mission network are at high risk for Internet-based attacks that could have “catastrophic” effects on the space agency, according to a Monday report.

Specifically, NASA’s Office of Inspector General (OIG) found that six computer servers associated with IT assets that control spacecraft and contain critical data have vulnerabilities that would allow a cybercriminal to remotely attack and take control of them.

Once inside, meanwhile, the attacker could then use those compromised computers to exploit other weaknesses, which could “severely degrade or cripple NASA’s operations,” the OIG found. Network servers also contained encryption keys, encrypted passwords, and user account information that were accessible to attackers.

What’s the problem? The OIG said NASA has been slow to act on a recommendation it made in May 2010 that NASA secure its networks. At that point, the OIG told NASA to immediately establish an IT security oversight program for its mission network, but as of February 2011, NASA had done nothing.

Read the report:

INADEQUATE SECURITY PRACTICES EXPOSE
KEY NASA NETWORK TO CYBER ATTACK

With astronauts’ lives at stake, as well as our national prestige, you’d think NASA would be a lot more concerned and up to date with their computer security efforts and policies. And remember, these people are supposed to be America’s best and brightest in the technical and scientific arena. Thank God nothing disastrous has come about because of this glaring gap in common sense computer network operation security.

/kind of makes you wonder, if NASA is this lax and inattentive, how wide open and vulnerable are other critical government computer systems?

Filed under: Blog Entry | Tagged: Accessible, Account Information, Attack, Attacker, Attackers, Attacks, Catastrophic Attack, Catastrophic Effects, Compromised Computers, Computer, Computer Servers, Control Spacecraft, Cripple, Critical Data, Cybercriminal, Done Nothing, Encrypted Passwords, Encryption Keys, High Risk, Immediately Establish, Insecure, Inspector General, Internet-Based, Internet-Based Attacks, IT Assets, IT Security, IT Security Oversight Program, Mission Network, NASA, NASA's Operations, National Aeronautics And Space Administration, Network Servers, Networks, Office Of Inspector General, OIG, Operations, Oversight Program, Problems, Recommendation, Remotely Attack, Secure, Servers, Severely Degrade, Space Agency, Spacecraft, Take Control, User, User Account Information, Vulnerabilities, Weaknesses | Leave a comment »

Hitting Us Where It Really Hurts

Posted on March 1, 2011 by Killian Bundy

Whether or not “outside forces” were a factor in our 2008 economic meltdown, in the age of cyber warfare, the possibility of such an attack on the U.S. financial infrastructure is a scenario worth paying extremely close attention to. It’s a huge target, it’s far from invulnerable, and the potential for crippling economic damage and chaos cuts to the core of our very way of life.

Financial terrorism suspected in 2008 economic crash

Evidence outlined in a Pentagon contractor report suggests that financial subversion carried out by unknown parties, such as terrorists or hostile nations, contributed to the 2008 economic crash by covertly using vulnerabilities in the U.S. financial system.

The unclassified 2009 report “Economic Warfare: Risks and Responses” by financial analyst Kevin D. Freeman, a copy of which was obtained by The Washington Times, states that “a three-phased attack was planned and is in the process against the United States economy.”

While economic analysts and a final report from the federal government’s Financial Crisis Inquiry Commission blame the crash on such economic factors as high-risk mortgage lending practices and poor federal regulation and supervision, the Pentagon contractor adds a new element: “outside forces,” a factor the commission did not examine.

“There is sufficient justification to question whether outside forces triggered, capitalized upon or magnified the economic difficulties of 2008,” the report says, explaining that those domestic economic factors would have caused a “normal downturn” but not the “near collapse” of the global economic system that took place.

Suspects include financial enemies in Middle Eastern states, Islamic terrorists, hostile members of the Chinese military, or government and organized crime groups in Russia, Venezuela or Iran. Chinese military officials publicly have suggested using economic warfare against the U.S.

Read the report:

Economic Warfare: Risks and Responses

If you think about it, there’s very little that could be called a paper trail regarding today’s financial records and transactions world wide, it’s all manipulated and stored electronically at a speed and complexity that defies human oversight.

/definitely a fertile battlespace for a sophisticated enemy looking to bring the United States down on her knees in financial pain

Filed under: Blog Entry | Tagged: 2009 Report, Attack, Bill Gertz, Capitalized Upon, Chinese Military, Chinese Military Officials, Contractor, Contributed, Covertly, Cyber-Warfare, Domestic Economic Factors, Economic Analysts, Economic Crash, Economic Difficulties, Economic Factors, Economic Meltdown, Economic Warfare, Economic Warfare: Risks And Responses, Economy, Evidence, Federal Government, Federal Regulation, Final Report, Financial Analyst, Financial Crisis Inquiry Commission, Financial Enemies, Financial Subversion, Financial Terrorism, Global Economic System, Government, High-Risk Mortgage Lending Practices, Hostile Nations, Iran, Islamic Terrorists, Kevin D. Freeman, Magnified, Middle Eastern States, Near Collapse, New Element, Normal Downturn, Organized Crime Groups, Outside Forces, Pentagon, Pentagon Contractor, Planned, Poor Federal Regulation, Poor Supervision, Report, Russia, Sufficient Justification, Supervision, Suspected, Suspects, Terrorism, Terrorists, Three-Phased Attack, Triggered, U.S. Financial Infrastructure, U.S. Financial System, Unclassified, United States, United States Economy, Unknown Parties, Venezuela, Vulnerabilities, Washington Times | Leave a comment »

Eat It Or Wear It

Archives

Tuesday Fun With Microsoft

Tuesday Fun With Microsoft

Do The Microsoft Patch Dance

Tuesday Is The Time At Microsoft When We Patch

Aid And Comfort To The Enemy

Hackers With A Death Wish

Tuesday Fun With Microsoft

It’s Tuesday, Time To Download Microsoft Patches

Who Wants To Fly The Space Shuttle?

Hitting Us Where It Really Hurts

Recent Posts

Blogroll

Donate

Fantasy Football

Finance

News

Weather

Blog Stats