Original release date: November 25, 2014. Systems Affected: Microsoft Windows NT, 2000, XP, Vista, and 7. Overview: On November 24, 2014, Symantec released a report on Regin, a sophisticated backdoor Trojan used to conduct intelligence-gathering campaigns. At this time, the Regin campaign has not been identified targeting any organizations within the United States.
Original release date: November 24, 2014 US-CERT reminds users to remain vigilant when browsing online this holiday season. E-cards from unknown senders may contain malicious links. Fake advertisements or shipping notifications may deliver infected attachments.
Original release date: November 19, 2014. Systems Affected: Microsoft Windows Vista, 7, 8, and 8.1; Microsoft Server 2003, Server 2008, Server 2008 R2, Server 2012, and Server 2012 R2. Overview: A remote escalation of privilege vulnerability exists in implementations of Kerberos Key Distribution Center (KDC) in Microsoft Windows which could allow a remote attacker to take control of a vulnerable system. [1] Description: The Microsoft Windows Kerberos KDC fails to properly check service tickets for valid signatures, which can allow aspects of the service ticket to be forged
Microsoft today deviated from its regular pattern of releasing security updates on the second Tuesday of each month, pushing out an emergency patch to plug a security hole in all supported versions of Windows. The company urged Windows users to install the update as quickly as possible, noting that miscreants already are exploiting the weaknesses to launch targeted attacks. The update (MS14-068) addresses a bug in a Windows component called Microsoft Windows Kerberos KDC, which handles authenticating Windows PCs on a local network
VU#213119: Microsoft Windows Kerberos Key Distribution Center (KDC) fails to properly validate Privilege Attribute Certificate (PAC) signature
Vulnerability Note VU#213119: Microsoft Windows Kerberos Key Distribution Center (KDC) fails to properly validate Privilege Attribute Certificate (PAC) signature. Original Release date: 18 Nov 2014 | Last revised: 18 Nov 2014. Overview: Microsoft Windows Kerberos KDC contains a vulnerability allowing an authenticated unprivileged domain user to escalate privileges to a domain administrator account, allowing the user to compromise any computer on the domain. Description: CWE-347: Improper Verification of Cryptographic Signature. The Microsoft Windows Kerberos KDC fails to properly check for valid signatures in the Privilege Attribute Certificate (PAC) included with the Kerberos ticket request. A domain user may forge the information contained in the PAC to request higher user privileges than should be allowed.
Original release date: November 18, 2014 Microsoft has released security updates to address a remote elevation of privilege vulnerability which exists in implementations of Kerberos KDC in Microsoft Windows. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system.
Today, Microsoft will release MS14-068. This is one of the bulletins that was skipped in November's Patch Tuesday update
Original release date: November 17, 2014. Apple released security updates for iOS devices, OS X Yosemite and Apple TV to address multiple vulnerabilities, one of which could allow remote attackers to execute arbitrary commands. Updates available include: iOS 8.1.1 for iPhone 4s and later, iPod touch 5th generation and later, and iPad 2 and later; OS X Yosemite v10.10.1 for Macintosh; Apple TV 7.0.2 for Apple TV 3rd generation and later. US-CERT encourages users and administrators to review Apple security updates HT6590, HT6572 and HT6592, and apply the necessary updates.