Navigation section

impact

  1. News

    TA15-119A: Top 30 Targeted High Risk Vulnerabilities

    Original release date: April 29, 2015 Systems Affected Systems running unpatched software from Adobe, Microsoft, Oracle, or OpenSSL. Overview Cyber threat actors continue to exploit unpatched software to conduct attacks against critical infrastructure organizations. As many as 85 percent of...
    • News
    • Thread
    • admin rights adobe attack vector cybersecurity impact incident response malware microsoft mitigation network security openssl oracle patch management prevention restoration sensitive data software threats vulnerabilities whitelist
    • Replies: 0
    • Forum: Security Alerts
  2. News

    TA15-103A: DNS Zone Transfer AXFR Requests May Leak Domain Information

    Original release date: April 13, 2015 Systems Affected Misconfigured Domain Name System (DNS) servers that respond to global Asynchronous Transfer Full Range (AXFR) requests. Overview A remote unauthenticated user may request a DNS zone transfer from a public-facing DNS server. If...
    • News
    • Thread
    • axfr bindings configuration dns domain exploitation guidelines impact internet misconfiguration network protection remote access risk scan scripting security unauthenticated access vulnerability zone transfer
    • Replies: 0
    • Forum: Security Alerts
  3. News

    AAEH Malware: Overview, Impact, and Mitigation Strategies for Multiple Windows Systems

    Original release date: April 09, 2015 Systems Affected Microsoft Windows 95, 98, Me, 2000, XP, Vista, 7, and 8 Microsoft Server 2003, Server 2008, Server 2008 R2, and Server 2012 Overview AAEH is a family of polymorphic downloaders created with the primary purpose of downloading other...
    • News
    • Thread
    • aaeh antivirus beebone credential theft cybersecurity dhs downloader fbi impact malware mitigation network security password polymorphic prevention ransomware rar files removal tool systems affected zip files
    • Replies: 0
    • Forum: Security Alerts
  4. News

    TA15-051A: Lenovo Superfish Adware Vulnerable to HTTPS Spoofing

    Original release date: February 20, 2015 Systems Affected Lenovo consumer PCs that have Superfish VisualDiscovery installed and potentially others. Overview Superfish adware installed on some Lenovo PCs install a non-unique trusted root certification authority (CA) certificate, allowing an...
    • News
    • Thread
    • adware browser certificate decryption https impact komodia lenovo malware mitm network privacy root ca security spoofing ssl superfish threats uninstall vulnerability
    • Replies: 0
    • Forum: Security Alerts
  5. News

    TA14-323A: Microsoft Windows Kerberos KDC Remote Privilege Escalation Vulnerability

    Original release date: November 19, 2014 Systems Affected Microsoft Windows Vista, 7, 8, and 8.1 Microsoft Server 2003, Server 2008, Server 2008 R2, Server 2012, and Server 2012 R2 Overview A remote escalation of privilege vulnerability exists in implementations of Kerberos Key Distribution...
    • News
    • Thread
    • administrator attack bulletin cve defense domain controller domain user escalation impact kerberos microsoft privilege escalation remote access research security service tickets systems affected update vulnerability windows
    • Replies: 0
    • Forum: Security Alerts
  6. News

    TA14-318A: Microsoft Secure Channel (Schannel) Vulnerability (CVE-2014-6321)

    Original release date: November 14, 2014 Systems Affected Microsoft Windows Vista, 7, 8, 8.1, RT, and RT 8.1 Microsoft Server 2003, Server 2008, Server 2008 R2, Server 2012, and Server 2012 R2 Microsoft Windows XP and 2000 may also be affected. Overview A critical vulnerability in...
    • News
    • Thread
    • arbitrary code bulletin critical cve-2014-6321 exploit impact microsoft mitigation network traffic patch management remote attack risk schannel security server ssl tls update vulnerability windows
    • Replies: 0
    • Forum: Security Alerts
  7. News

    TA14-318B: Microsoft Windows OLE Automation Array Remote Code Execution Vulnerability

    Original release date: November 14, 2014 Systems Affected Microsoft Windows Vista, 7, 8, 8.1, RT, and RT 8.1 Microsoft Server 2003, Server 2008, Server 2008 R2, Server 2012, and Server 2012 R2 Overview A vulnerability in Microsoft Windows Object Linking and Embedding (OLE) could allow...
    • News
    • Thread
    • administrator arbitrary code cve-2014-6332 execution exploit impact internet explorer memory mitigation ole privileged access remote code execution safearrayredim security server 2003 server 2008 update vbscript vulnerability windows
    • Replies: 0
    • Forum: Security Alerts
  8. News

    TA14-268A: GNU Bourne Again Shell (Bash) ‘Shellshock’ Vulnerability (CVE-2014-6271,...

    Original release date: September 25, 2014 Systems Affected GNU Bash through 4.3. Linux, BSD, and UNIX distributions including but not limited to: CentOS 5 through 7 Debian Mac OS X Red Hat Enterprise Linux 4 through 7 Link Removed 10.04 LTS, 12.04 LTS, and 14.04 LTS Overview A critical...
    • News
    • Thread
    • apache arbitrary code attack bash command execution cve-2014-6271 debian environment variables impact linux mac openssh patch red hat remote code execution security shellshock solutions unix vulnerability
    • Replies: 0
    • Forum: Security Alerts
  9. News

    TA14-017A: UDP-based Amplification Attacks

    Original release date: January 17, 2014 | Last revised: March 07, 2014 Systems Affected Certain UDP protocols have been identified as potential attack vectors: DNS NTP SNMPv2 NetBIOS SSDP CharGEN QOTD BitTorrent Kad Quake Network Protocol Steam Protocol Overview A Distributed Reflective...
    • News
    • Thread
    • amplification attack bandwidth ddos detection dns drdos filters impact mitigation network ntp protocol security services solutions spoofing traffic trust udp
    • Replies: 0
    • Forum: Security Alerts
  10. News

    Microsoft Security Bulletin MS14-018 - Critical: Cumulative Security Update for Internet...

    Severity Rating: Critical Revision Note: V1.1 (April 17, 2014): Revised bulletin to help clarify that although Internet Explorer 10 is not affected by the vulnerabilities described in this bulletin, an update is available for Internet Explorer 10 that includes non-security updates. See the...
    • News
    • Thread
    • administrative attacker bulletin code critical cumulative details execution explorer impact internet microsoft patch remote revision rights security update users vulnerabilities
    • Replies: 0
    • Forum: Security Alerts
  11. News

    TA14-098A: OpenSSL 'Heartbleed' vulnerability (CVE-2014-0160)

    Original release date: April 08, 2014 Systems Affected OpenSSL 1.0.1 through 1.0.1f OpenSSL 1.0.2-beta Overview A vulnerability in OpenSSL could allow a remote attacker to expose sensitive data, possibly including user authentication credentials and secret keys, through incorrect memory...
    • News
    • Thread
    • administrator credentials cve-2014-0160 data exposed exploit heartbleed impact information disclosure key material memory mitigation openssl patch perfect forward secrecy public access revision security security flaw tls vulnerability
    • Replies: 0
    • Forum: Security Alerts
  12. News

    Advance Notification Service for the March 2014 Security Bulletin Release

    Today we provide advance notification for the release of five bulletins for March 2014, two rated Critical and thee rated Important in severity. These updates address issues in Microsoft Windows, Internet Explorer and Silverlight. The update provided in MS14-012 fully addresses the issue first...
    • News
    • Thread
    • advisory bulletin critical deployment impact important internet explorer march 2014 msrc risk security silverlight testing trustworthy computing update windows
    • Replies: 0
    • Forum: Security Alerts
  13. News

    TA14-017A: UDP-based Amplification Attacks

    Original release date: January 17, 2014 | Last revised: February 09, 2014 Systems Affected Certain UDP protocols have been identified as potential attack vectors: DNS NTP SNMPv2 NetBIOS SSDP CharGEN QOTD BitTorrent Kad Quake Network Protocol Steam Protocol Overview A Distributed...
    • News
    • Thread
    • amplification amplification factor attack bandwidth best practices damage ddos detection drdos impact ingress filtering mitigation network prevention protocol security source ip traffic shaping udp vulnerabilities
    • Replies: 0
    • Forum: Security Alerts
  14. News

    Advance Notification Service for the January 2014 Security Bulletin Release

    Today we provide advance notification for the release of four bulletins for January 2014. All bulletins this month are rated Important in severity and address vulnerabilities in Microsoft Windows, Office, and Dynamics AX. The update provided in MS14-002 fully addresses the issue first described...
    • News
    • Thread
    • 2014 ans bulletin deployment dynamics ax exploit guidance impact microsoft msrc office pst risk security server 2003 update vulnerabilities windows windows xp
    • Replies: 0
    • Forum: Security Alerts
  15. News

    TA13-193A: Exploit Tool Targets Vulnerabilities in McAfee ePolicy Orchestrator (ePO)

    Original release date: July 12, 2013 Systems Affected McAfee ePolicy Orchestrator (ePO) Overview A new exploit tool targets two vulnerabilities in McAfee’s ePolicy Orchestrator (ePO).  Description A new exploit tool specifically built to attack McAfee’s ePolicy Orchestrator (ePO)...
    • News
    • Thread
    • access administration attacker command control credentials enterprise epolicy exploit impact mcafee mitigation network orchestrator patch release risk security update vulnerability
    • Replies: 0
    • Forum: Security Alerts
  16. News

    TA13-169A: Oracle Releases Updates for Javadoc and Other Java SE Vulnerabilities

    Original release date: June 18, 2013 | Last revised: June 19, 2013 Systems Affected Any system using Oracle Java including JDK and JRE 7 Update 21 and earlier JDK and JRE 6 Update 45 and earlier JDK and JRE 5.0 Update 45 and earlier JavaFX 2.2.21 and earlier Website owners that host...
    • News
    • Thread
    • api browser critical documentation exploitation impact injection java javadoc oracle patch phishing remediation security subfolders the frame tools update vulnerabilities web
    • Replies: 0
    • Forum: Security Alerts
  17. News

    TA13-100A: Microsoft Updates for Multiple Vulnerabilities

    Original release date: April 10, 2013 Systems Affected Microsoft Windows Microsoft Remote Desktop Client Microsoft Antimalware Client Microsoft Sharepoint Overview Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to address these...
    • News
    • Thread
    • administrative antimalware automatic updates bulletin denial of service execution impact microsoft patch management references remote desktop security sharepoint software solutions testing unauthenticated access update vulnerabilities windows
    • Replies: 0
    • Forum: Security Alerts
  18. News

    TA13-071A: Microsoft Updates for Multiple Vulnerabilities

    Original release date: March 12, 2013 Systems Affected Microsoft Windows Microsoft Internet Explorer Microsoft Office Microsoft Server Software Microsoft Silverlight   Overview Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to...
    • News
    • Thread
    • access denied administrator arbitrary code automatic updates denial of service impact internet explorer microsoft office remote access security security bulletin server software silverlight solutions testing update vulnerabilities windows wsus
    • Replies: 0
    • Forum: Security Alerts
  19. News

    TA12-346A: Microsoft Updates for Multiple Vulnerabilities

    Original release date: December 12, 2012 | Last revised: January 24, 2013 Systems Affected Microsoft Windows Microsoft Office Microsoft Server Software Internet Explorer Overview Select Microsoft software products contain multiple vulnerabilities. Microsoft has released...
    • News
    • Thread
    • access denied administrator arbitrary code automatic updates bulletin denial of service home users impact internet explorer microsoft office release date revision security security bulletin server testing update vulnerabilities windows
    • Replies: 0
    • Forum: Security Alerts
  20. News

    TA13-010A: Oracle Java 7 Security Manager Bypass Vulnerability

    Original release date: January 10, 2013 | Last revised: February 06, 2013 Systems Affected Any system using Oracle Java 7 (1.7, 1.7.0) including Java Platform Standard Edition 7 (Java SE 7) Java SE Development Kit (JDK 7) Java SE Runtime Environment (JRE 7) OpenJDK 7 and 7u IcedTea...
    • News
    • Thread
    • applet attack browser cve disable java drive-by download exploitation impact java jdk jre malicious software openjdk oracle security security settings social engineering solutions update vulnerability
    • Replies: 0
    • Forum: Security Alerts
Back
Top