exploitation

Total Meltdown? Is my system vulnerable? Only Windows 7 x64 systems patched with the 2018-01 or 2018-02 patches are vulnerable. If your system isn't patched since December 2017 or if it's patched with the 2018-03 2018-03-29 patches or later it will be secure. Reference and further...

New vulnerabilities have recently been discovered with modern cpu's: It would seem Intel are more prone to attack than AMD: Meltdown and Spectre Microsoft have released patches which will be available via Windows update. If like me yours hasn't arrived then download the standalone...

Original release date: June 12, 2017 | Last revised: July 27, 2017 Systems Affected Industrial Control Systems Overview The National Cybersecurity and Communications Integration Center (NCCIC) is aware of public reports from ESET and Dragos outlining a new, highly capable Industrial...

Original release date: May 12, 2017 | Last revised: May 19, 2017 Systems Affected Microsoft Windows operating systems Overview According to numerous open-source reports, a widespread ransomware campaign is affecting various organizations with reports of tens of thousands of infections in...

Revision Note: V1.0 (June 13, 2017): Advisory published Summary: Microsoft is announcing the availability of additional guidance for critical security updates, that are at heightened risk of exploitation due to past and threatened nation-state attacks and disclosures. Some of the releases are...

just wanting to run this past you guys … this post is straight from our good friends at bleepingcomputer.com … and the issue is in regards to the inherent vulnerabilities with current ssd-drives. i don't have much to say, since i do not own an ssd-drive …...

Severity Rating: Important Revision Note: V1.0 (March 14, 2017): Bulletin published. Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow an Information Disclosure if Windows DirectShow opens specially crafted media content that is hosted on...

Severity Rating: Important Revision Note: V1.0 (December 13, 2016): Bulletin published. Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow Information Disclosure when the Windows Common Log File System (CLFS) driver improperly handles...

Severity Rating: Critical Revision Note: V1.0 (December 13, 2016): Bulletin published Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file...

Severity Rating: Important Revision Note: V1.0 (October 11, 2016): Bulletin published. Summary: This security update resolves a vulnerability in Microsoft Office. An Office RTF remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly...

Severity Rating: Important Revision Note: V1.0 (October 11, 2016): Bulletin published. Summary: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a...

Severity Rating: Critical Revision Note: V1.0 (September 13, 2016): Bulletin published. Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file...

Severity Rating: Critical Revision Note: V1.0 (August 9, 2016): Bulletin published. Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user views specially crafted PDF content online or opens a specially crafted...

Severity Rating: Critical Revision Note: V1.0 (June 14, 2016): Bulletin published. Summary: This security update resolves vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who...

Original release date: May 11, 2016 Systems Affected Outdated or misconfigured SAP systems Overview At least 36 organizations worldwide are affected by an SAP vulnerability Link Removed. Security researchers from Onapsis discovered indicators of exploitation against these organizations’ SAP...

Severity Rating: Important Revision Note: V1.0 (May 10, 2016): Bulletin published. Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker with access to the local system executes a malicious application. An...

Original release date: April 14, 2016 Systems Affected Microsoft Windows with Apple QuickTime installed Overview According to Trend Micro, Apple will no longer be providing security updates for QuickTime for Windows, leaving this software vulnerable to exploitation. [1] Description All...

Severity Rating: Critical Revision Note: V1.0 (January 12, 2016): Bulletin published. Summary: This security update resolves vulnerabilities in Internet Explorer. The more severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet...

Severity Rating: Critical Revision Note: V1.0 (December 8, 2015): Bulletin published. Summary: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet...

Original release date: November 10, 2015 Systems Affected Web servers that allow web shells Overview This alert describes the frequent use of web shells as an exploitation vector. Web shells can be used to obtain unauthorized access and can lead to wider network compromise. This alert...