risk assessment

If you’ve been connecting your critical infrastructure and automation systems to the internet, then you need to sit up and take notice. Recent advisories from the Cybersecurity and Infrastructure Security Agency (CISA) have highlighted some alarmingly severe vulnerabilities within the...

In a significant advisory release on October 3, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) warned about severe vulnerabilities in the TEM Opera Plus FM Family Transmitter. The discovery has raised red flags for organizations using this equipment, especially in...

Original release date: October 17, 2019 Summary On January 14, 2020, Microsoft will end extended support for their Windows 7 and Windows Server 2008 R2 operating systems.[1] After this date, these products will no longer receive free technical support, or software and security updates...

Revision Note: V3.0 (April 14, 2015): Revised advisory to announce with the release of security update 3038314 on April 14, 2015 SSL 3.0 is disabled by default in Internet Explorer 11, and to add instructions for how to undo the workarounds. Summary: Microsoft is aware of detailed information...

Every day, the Microsoft Security Response Center (MSRC) receives vulnerability reports from security researchers, technology/industry partners, and customers. We want those reports, because they help us make our products and services more secure. High-quality reports that include proof of...

[emoji631] [emoji594] [emoji100] [emoji100] Sent from my 8063 using Windows Forums mobile app

[emoji631] [emoji779] Sent from my 8063 using Windows Forums mobile app

For the second in this series of blog entries we want to look into which vulnerability reports make it into the monthly release cadence. It may help to start with some history. In September 2003 we made a change from a release anytime approach to a mostly predictable, monthly release cadence...

Today, Microsoft triaged a large release of exploits made publicly available by Shadow Brokers. Understandingly, customers have expressed concerns around the risk this disclosure potentially creates. Our engineers have investigated the disclosed exploits, and most of the exploits are already...

Original release date: March 16, 2017 Systems Affected All systems behind a hypertext transfer protocol secure (HTTPS) interception product are potentially affected. Overview Many organizations use HTTPS interception products for several purposes, including detecting malware that uses HTTPS...

Severity Rating: Important Revision Note: V1.0 (November 8, 2016): Bulletin published. Summary: The Windows Virtual Hard Disk Driver improperly handles user access to certain files. An attacker can manipulate files in locations not intended to be available to the user by exploiting this...

:eek::zoned:

Severity Rating: Critical Revision Note: V1.0 (September 8, 2015): Bulletin published. Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file...

Severity Rating: Critical Revision Note: V1.0 (August 11, 2015): Bulletin published. Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An...

Severity Rating: Important Revision Note: V1.0 (July 14, 2015): Bulletin published. Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if the Windows graphics component fails to properly process bitmap conversions. An...

Original release date: October 17, 2014 Systems Affected All systems and applications utilizing the Secure Socket Layer (SSL) 3.0 with cipher-block chaining (CBC) mode ciphers may be vulnerable. However, the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack demonstrates this...

Revision Note: V1.0 (October 14, 2014): Advisory published Summary: Microsoft is aware of detailed information that has been published describing a new method to exploit a vulnerability in SSL 3.0, affecting the Windows operating system. This vulnerability affects the protocol itself and is not...

HP is warning customers: Check your laptop charging cord to see if it's at risk of overheating. Hewlett-Packard (HPQ, Tech30) and federal regulators on Tuesday recalled 6 million power cords sold between September 2010 and June 2012 with some HP and Compaq notebook computers, as well as certain...

Any risk in losing anything by running both an internal and external disk check via this method? Thanks

As security professionals, we are trained to think in worst-case scenarios. We run through the land of the theoretical, chasing “what if” scenarios as though they are lightning bugs to be gathered and stashed in a glass jar. Most of time, this type of thinking is absolutely the correct thing...