Original release date: December 20, 2014 Broadband routers employing the Allegro RomPager firmware prior to versions 4.34 contain a vulnerability in HTTP cookie processing code. Exploitation of this vulnerability could allow a remote attacker to take control of an affected device.
Original release date: December 19, 2014 NTP has released an update that addresses multiple vulnerabilities in the Network Time Protocol daemon. Exploitation of these vulnerabilities may allow a remote attacker to execute malicious code. US-CERT encourages users and administrators to review Vulnerability Note VU#852879 and update to NTP 4.2.8 if necessary.
Original release date: December 19, 2014 Systems Affected Microsoft Windows Overview US-CERT was recently notified by a trusted third party of cyber threat actors using a Server Message Block (SMB) Worm Tool to conduct cyber exploitation activities recently targeting a major entertainment company.
Vulnerability Note VU#659684 Honeywell OPOS suite Stack Buffer Overflow vulnerability Original Release date: 12 Dec 2014 | Last revised: 12 Dec 2014 Overview The Honeywell OPOS (OLE for Retail Point-of-Sale (POS)) Suite is vulnerable to a stack buffer overflow attack. Description The Honeywell OPOS Suite provides a standard programming interface that allows POS hardware to be easily integrated into retail POS systems based on Microsoft Windows operating systems
It’s that time of the month again; Microsoft Patch Day. Yesterday, Microsoft posted their regular batch of security updates, so it’s time you patch your Windows systems. I’ll summarize some Patch Day highlights below, but you should visit Microsoft’s December Patch Day Summary page for more details By the Numbers: On Tuesday, Microsoft released seven security bulletins, fixing a total of 25 security vulnerabilities in many of their products
Original release date: December 09, 2014 Adobe has released security updates to address multiple vulnerabilities in Flash, Reader, Acrobat, and ColdFusion.
Original release date: December 09, 2014 Microsoft has released updates to address vulnerabilities in Exchange, Windows, Internet Explorer, and Office as part of the Microsoft Security Bulletin Summary for December 2014. Some of these vulnerabilities could allow elevation of privilege, remote code execution, or disclosure of information. US-CERT encourages users and administrators to review Microsoft Security Bulletin MS14-DEC and apply the necessary updates.