Tagged: microsoft

Thumbnail 0

FTC Details the Top 10 Imposter Scams of 2014

Original release date: March 02, 2015 The Federal Trade Commission (FTC) has released an advisory describing the top 10 reported imposter scams for 2014. Scam operators often impersonate individuals, companies, and organizations to entice targets to participate in fraudulent financial transactions

Samba Remote Code Execution Vulnerability 0

Samba Remote Code Execution Vulnerability

Original release date: February 24, 2015 Linux and Unix based operating systems employing Samba versions 3.5.0 through 4.2.0rc4 contain a vulnerability in the Server Message Block daemon (smbd). Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. US-CERT recommends users and administrators refer to their respective Linux OS vendor(s) for an appropriate patch if affected

Lenovo Computers Vulnerable to HTTPS Spoofing 0

Lenovo Computers Vulnerable to HTTPS Spoofing

Original release date: February 20, 2015 Lenovo consumer personal computers employing the pre-installed Superfish Visual Discovery software contain a critical vulnerability through a compromised root CA certificate. Exploitation of this vulnerability could allow a remote attacker to read all encrypted web browser traffic (HTTPS), successfully impersonate (spoof) any website, or perform other attacks on the affected system. US-CERT recommends users and administrators review Vulnerability Note VU#529496 and US-CERT Alert TA15-051A for additional information and mitigation details

Microsoft Patch Mayhem: February Patch Failure Summary, (Mon, Feb 16th) 0

Microsoft Patch Mayhem: February Patch Failure Summary, (Mon, Feb 16th)

February was another rough month for anybody having to apply Microsoft patches. We had a couple of posts already covering the Microsoft patch issues, but due to the number of problems, here a quick overview of what has failed so far: Bulletin/KB # Patch Symptom Solution MS15-009 KB 3023607 SSL fix to address the POODLE vulnerability. Cisco AnyConnect will refuse to connect run AnyConnectclientin Windows 7 or Windows 8 Compatibilty Mode KB2920732 PowerPoint (functionality fix, not a security patch) Powerpoint 2013 fails to start on Windows RT refresh your device (see https://support.microsoft.com/kb/2751424 ) or remove patch.

SB15-047: Vulnerability Summary for the Week of February 9, 2015 0

SB15-047: Vulnerability Summary for the Week of February 9, 2015

Original release date: February 16, 2015 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD , which contains historical vulnerability information

VU#787252: Microsoft Windows domain-configured client Group Policy fails to authenticate servers 0

VU#787252: Microsoft Windows domain-configured client Group Policy fails to authenticate servers

Vulnerability Note VU#787252 Microsoft Windows domain-configured client Group Policy fails to authenticate servers Original Release date: 13 Feb 2015 | Last revised: 13 Feb 2015 Overview Microsoft Windows domain-configured client Group Policy fails to authenticate servers over Universal Naming Convention (UNC) paths. Description Microsoft has released MS15-011 , detailing a critical flaw in which Windows domain-configured client Group Policy fails to authenticate servers over Universal Naming Convention (UNC) paths