Microsoft November out-of-cycle patch
Note: MS14-066 was also updated today to fix some of the issues previously discussed with the introduction of the additional TLS cipher suites.
Original release date: November 18, 2014
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT).
Original release date: November 18, 2014
Microsoft has released security updates to address a remote elevation of privilege vulnerability which exists in implementations of Kerberos KDC in Microsoft Windows. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system.
Original release date: November 17, 2014
Apple released security updates for iOS devices, OS X Yosemite and Apple TV to address multiple vulnerabilities, one of which could allow remote attackers to execute arbitrary commands. Updates available include: iOS 8.1.1 for iPhone 4s and later, iPod touch 5th generation and later, and iPad 2 and later; OS X Yosemite v10.10.1 for Macintosh; and Apple TV 7.0.2 for Apple TV 3rd generation and later. US-CERT encourages users and administrators to review Apple security updates HT6590, HT6572 and HT6592, and apply the necessary updates.
Just a quick update on the SChannel problem (MS14-066, CVE-2014-6321). So far, there is still no publicly available exploit for the vulnerability, and details are still sparse.
VU#505120: Microsoft Secure Channel (Schannel) vulnerable to remote code execution via specially crafted packets
Vulnerability Note VU#505120
Original release date: 13 Nov 2014 | Last revised: 13 Nov 2014
Overview: A critical vulnerability in Microsoft Windows systems could allow a remote attacker to execute arbitrary code via specially crafted network packets.
We had a number of users suggesting that we should have labeled MS14-066 as Patch Now instead of just critical. This particular vulnerability probably has the largest potential impact among all of the vulnerabilities patched this Tuesday, and should be considered the first patch to apply, in particular on servers.