Tagged: microsoft

"Misfortune Cookie" Broadband Router Vulnerability 0

"Misfortune Cookie" Broadband Router Vulnerability

Original release date: December 20, 2014 Broadband routers employing the Allegro RomPager firmware prior to versions 4.34 contain a vulnerability in HTTP cookie processing code. Exploitation of this vulnerability could allow a remote attacker to take control of an affected device.

Vulnerabilities Identified in Network Time Protocol Daemon 0

Vulnerabilities Identified in Network Time Protocol Daemon

Original release date: December 19, 2014 NTP has released an update that addresses multiple vulnerabilities in the Network Time Protocol daemon. Exploitation of these vulnerabilities may allow a remote attacker to execute malicious code. US-CERT encourages users and administrators to review Vulnerability Note VU#852879 and update to NTP 4.2.8 if necessary.

TA14-353A: Targeted Destructive Malware 0

TA14-353A: Targeted Destructive Malware

Original release date: December 19, 2014 Systems Affected Microsoft Windows Overview US-CERT was recently notified by a trusted third party of cyber threat actors using a Server Message Block (SMB) Worm Tool to conduct cyber exploitation activities recently targeting a major entertainment company.

Docker Releases Security Updates 0

Docker Releases Security Updates

Original release date: December 12, 2014 Docker versions 1.3.3 and 1.4.0 have been released to address multiple security vulnerabilities, one of which could allow a remote attacker to take control of a vulnerable system.

VU#659684: Honeywell OPOS suite Stack Buffer Overflow vulnerability 0

VU#659684: Honeywell OPOS suite Stack Buffer Overflow vulnerability

Vulnerability Note VU#659684 Honeywell OPOS suite Stack Buffer Overflow vulnerability Original Release date: 12 Dec 2014 | Last revised: 12 Dec 2014 Overview The Honeywell OPOS (OLE for Retail Point-of-Sale (POS)) Suite is vulnerable to a stack buffer overflow attack. Description The Honeywell OPOS Suite provides a standard programming interface that allows POS hardware to be easily integrated into retail POS systems based on Microsoft Windows operating systems

Microsoft’s Last Patch Day Until 2015; Three Critical Patches 0

Microsoft’s Last Patch Day Until 2015; Three Critical Patches

It’s that time of the month again; Microsoft Patch Day. Yesterday, Microsoft posted   their regular batch of security updates, so it’s time you patch your Windows systems. I’ll summarize some Patch Day highlights below, but you should visit Microsoft’s December Patch Day Summary page for more details By the Numbers: On Tuesday, Microsoft released seven security bulletins, fixing a total of 25 security vulnerabilities in many of their products

Microsoft Releases December 2014 Security Bulletin 0

Microsoft Releases December 2014 Security Bulletin

Original release date: December 09, 2014 Microsoft has released updates to address vulnerabilities in Exchange, Windows, Internet Explorer, and Office as part of the Microsoft Security Bulletin Summary for December 2014. Some of these vulnerabilities could allow elevation of privilege, remote code execution, or disclosure of information. US-CERT encourages users and administrators to review Microsoft Security Bulletin MS14-DEC and apply the necessary updates.