
Is virtualization a new channel for data loss?

Sophos security news:
Sophos publishes new podcast exploring the data loss risks associated with virtualization.
More information at Sophos.com

Posted in Sophos Security

MS09-044 - Critical: Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution (970927)

Bulletin Severity Rating: Critical - This security update resolves two privately reported vulnerabilities in Microsoft Remote Desktop Connection. The vulnerabilities could allow remote code execution if an attacker successfully convinced a user of Terminal Services to connect to a malicious RDP server or if a user visits a specially crafted Web site that exploits this vulnerability. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Go to full Article at Microsoft.com

Posted in MS Security

MS09-043 - Critical: Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (957638)

Bulletin Severity Rating: Critical - This security update resolves several privately reported vulnerabilities in Microsoft Office Web Components that could allow remote code execution if a user viewed a specially crafted Web page. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Go to full Article at Microsoft.com

Posted in MS Security

MS09-042 - Important: Vulnerability in Telnet Could Allow Remote Code Execution (960859)

Bulletin Severity Rating: Important - This security update resolves a publicly disclosed vulnerability in the Microsoft Telnet service. The vulnerability could allow an attacker to obtain credentials and then use them to log back into affected systems. The attacker would then acquire user rights on a system identical to the user rights of the logged-on user. This scenario could ultimately result in remote code execution on affected systems. An attacker who successfully exploited this vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Go to full Article at Microsoft.com

Posted in MS Security

MS09-041 - Important: Vulnerability in Workstation Service Could Allow Elevation of Privilege (971657)

Bulletin Severity Rating: Important - This security update resolves a privately reported vulnerability in the Windows Workstation Service. The vulnerability could allow elevation of privilege if an attacker created a specially crafted RPC message and sent the message to an affected system. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker must have valid logon credentials to a vulnerable system in order to exploit this vulnerability. The vulnerability could not be exploited by anonymous users.
Go to full Article at Microsoft.com

Posted in MS Security

Microsoft Security Advisory (973882): Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution - 8/11/2009

Revision Note: V2.0 (August 11, 2009): Advisory revised to add entries in the Updates related to ATL section to communicate the release of Microsoft Security Bulletin MS09-037, Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution, and the rerelease of Microsoft Security Bulletin MS09-035, Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution, to offer additional updates. Advisory Summary: Security Advisory
Go to full Article at Microsoft.com

Posted in MS Security

Microsoft Security Advisory (973811): Extended Protection for Authentication - 8/11/2009

Revision Note: Advisory published. Advisory Summary: Microsoft is announcing the availability of a new feature, Extended Protection for Authentication, on the Windows platform. This feature enhances the protection and handling of credentials when authenticating network connections using Integrated Windows Authentication (IWA).
Go to full Article at Microsoft.com

Posted in MS Security

Microsoft Security Advisory (973472): Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution - 8/11/2009

Revision Note: V2.0 (August 11, 2009): Advisory updated to reflect publication of security bulletin. Advisory Summary: Microsoft has completed the investigation of a privately reported vulnerability in Microsoft Office Web Components. We have issued MS09-043 to address this issue. For more information about this issue, including download links for an available security update, please review MS09-043. The vulnerability addressed is the Office Web Components HTML Script Vulnerability - CVE-2009-1136.
Go to full Article at Microsoft.com

Posted in MS Security

NASA hacker loses judicial review, Sophos comments

Sophos security news:
71 percent of IT professionals say Gary McKinnon should not be extradited.
More information at Sophos.com

Posted in Sophos Security

MS09-035 - Moderate: Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706)

Bulletin Severity Rating: Moderate - This security update addresses several privately reported vulnerabilities in the public versions of the Microsoft Active Template Library (ATL) included with Visual Studio. This security update is specifically intended for developers of components and controls. Developers who build and redistribute components and controls using ATL should install the update provided in this bulletin and follow the guidance provided to create, and distribute to their customers, components and controls that are not vulnerable to the vulnerabilities described in this security bulletin.
Go to full Article at Microsoft.com

Posted in MS Security