October’s security patch bundle from Microsoft resolves 87 vulnerabilities, 12 rated as critical. One of these is a flaw in the Windows TCP/IP stack which can result in a server crash or remote code execution simply by sending a specially crafted ICMPv6 request. While it is technically challenging to achieve a remote code execution, the […]
October Patch Tuesday includes critical Windows TCP/IP vulnerability Read More »
Whenever a new Windows device is booted from an image, there is a period of time when the machine is live and on the network, but it is missing operating system security patches and Microsoft Defender updates. This new-born system is at its most vulnerable until the missing patches and updates have been applied. If
Microsoft Defender now updates OS image files Read More »
A critical vulnerability in Microsoft Netlogon was patched in the August patch cycle – but was so dangerous that details were not made public until September when (hopefully) many systems would have been patched. If you have not applied the August patch bundle to your domain controllers stop reading and go do it now. Really
Critical Domain Controller Flaw Requires Urgent Patching Read More »
The September 2020 patch Tuesday contain fixes for 23 Critical vulnerabilities in Microsoft products and 129 fixes in total – including a Microsoft Exchange vulnerability that can allow remote code execution simply by sending a specially crafted email to the server. A large patch bundle is a double edged sword – it’s reassuring that the
September patch Tuesday fixes 23 Critical Microsoft Vulnerabilities Read More »
The number of ransomware attacks using RDP as the attack vector has increased sharply during the COVID lockdown. As the number of staff working remotely exploded during the COVID lockdown, criminals were quick to respond by targeting Remote Desktop Protocol services with ransomware. For example, Group-IB recently reported that the Dharma ransomware-as-a-service was being used
RDP Based Attacks Increase During Lockdown Read More »
Microsoft’s August patch-Tuesday bundle fixes 120 vulnerabilities including two under active exploitation- one of them over two years old. Weighing in at 120 fixes, the August 2020 Patch Tuesday is the third largest ever released by Microsoft. Of particular interest are 17 critical updates and two zero-day exploits which are being actively attacked. IE 11
Microsoft Patches two zero-day Exploits Read More »
Microsoft has released a patch to resolve a critical remote code execution vulnerability that has lived in the DNS server code for 17 years. A blog post from the Microsoft Security Response Centre states: Today we released an update for CVE-2020-1350, a Critical Remote Code Execution (RCE) vulnerability in Windows DNS Server that is classified as a ‘wormable’ vulnerability and has a CVSS base score of 10.0. This issue results from a flaw
Critical Microsoft DNS RCE Vulnerability Read More »
The July patch bundle from SAP includes a critical patch to resolve a vulnerability in the NetWeaver application server which could allow an unauthenticated attacker to gain unrestricted access to the SAP environment and database. According to the description for the vulnerability recorded as CVE CVE-2020-6287 : SAP NetWeaver AS JAVA (LM Configuration Wizard), versions
Critical SAP Vulnerability Patched Read More »
The developers of the OpenSSH implementation of Secure Shell have announced their intention to drop support for SHA-1 in a ‘near future release.’ OpenSSH is used by millions of system administrators to securely access networked systems. OpenSSH supports various encryption algorithms and the decision to drop support for SHA-1 comes as recent research demonstrates it
OpenSSH to drop support for SHA-1 Read More »
In June 2020 Microsoft’s Patch Tuesday fixes a record 129 defects and vulnerabilities in its software – with a further 19 patches in the June Microsoft Office patch bundle. This continues a recent trend of ever-increasing numbers of patches included in the monthly updates from Microsoft (the two previous highest number of patches were in
Record breaking June Patch Tuesday Read More »
SecureTeam Ltd,
Kemp House, 152 City Road,
London,
EC1V 2NX
10257784
GB 249480968
SecureTeam Ltd, Kemp House, 152 City Road,
London, EC1V 2NX
Mon – Fri: 09:00 – 17:00
Company Number: 10257784
VAT Registration No: GB 249480968
© SecureTeam 2023. All rights reserved.