Archiv für 9. Februar 2010

Microsoft Windows Kerberos Ticket Renewal Request Denial of Service SECUNIA ADVISORY ID: SA38512 VERIFY ADVISORY: http://secunia.com/advisories/38512/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious users to cause a DoS (Denial of Service). The vulnerability is caused due to a NULL pointer dereference error in the Kerberos implementation when [...]

Microsoft Data Analyzer ActiveX Control Vulnerability SECUNIA ADVISORY ID: SA38503 VERIFY ADVISORY: http://secunia.com/advisories/38503/ DESCRIPTION: A vulnerability has been reported in Microsoft Data Analyzer, which can be exploited by malicious people to compromise a user’s system. The vulnerability is caused due to an unspecified error in the Microsoft Data Analyzer ActiveX control (max3activex.dll). This can be [...]

Microsoft Windows TLS/SSL Session Renegotiation Plaintext Injection Vulnerability SECUNIA ADVISORY ID: SA38365 VERIFY ADVISORY: http://secunia.com/advisories/38365/ DESCRIPTION: Microsoft has acknowledged a vulnerability in Microsoft Windows, which can be exploited by malicious people to manipulate certain data. The vulnerability is caused due to an error in the TLS and SSL protocols while handling session renegotiations. This can [...]

Microsoft Windows Server 2008 Hyper-V Denial of Service SECUNIA ADVISORY ID: SA38508 VERIFY ADVISORY: http://secunia.com/advisories/38508/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows Server 2008, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused due to an error in Hyper-V when processing the encoding [...]

Microsoft DirectShow AVI File Parsing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA38511 VERIFY ADVISORY: http://secunia.com/advisories/38511/ DESCRIPTION: A vulnerability has been reported in Microsoft DirectX, which can be exploited by malicious people to compromise a user’s system. The vulnerability is caused due to an error when parsing AVI files and can be exploited to cause a [...]

National Cyber Alert System Cyber Security Alert SA10-040A Microsoft Updates for Multiple Vulnerabilities Original release date: Last revised: — Source: US-CERT Systems Affected * Microsoft Windows * Microsoft Internet Explorer * Microsoft Office Overview Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, and Microsoft Office. Solution Install updates The updates to [...]

National Cyber Alert System Technical Cyber Security Alert TA10-040A Microsoft Updates for Multiple Vulnerabilities Original release date: Last revised: — Source: US-CERT Systems Affected * Microsoft Windows and Windows Server * Microsoft Internet Explorer * Microsoft Office Overview Microsoft has released updates to address vulnerabilities in Microsoft Windows, Windows Server, Internet Explorer, and Microsoft Office. [...]

Vulnerability Summary for the Week of February 1, 2010 This bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) the week of February 1, 2010. It is available here: http://www.us-cert.gov/cas/bulletins/SB10-040.html For instructions on subscribing to or unsubscribing from this mailing [...]

US-CERT Current Activity Microsoft Releases February Security Bulletin Original release date: February 9, 2010 at 3:13 pm Last revised: February 9, 2010 at 3:13 pm Microsoft has released an update to address vulnerabilities in Microsoft Windows and Office as part of the Microsoft Security Bulletin Summary for February 2010. These vulnerabilities may allow an attacker [...]

Microsoft Office File Parsing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA38481 VERIFY ADVISORY: http://secunia.com/advisories/38481/ DESCRIPTION: Core Security Technologies has reported a vulnerability in Microsoft Office, which can be exploited by malicious people to compromise a user’s system. The vulnerability is caused due to an error when parsing OfficeArtSpgr containers and can be exploited to cause [...]