PREVIOUS GNEWS
11 Patches – 5 Critical Affecting most everything Other updates, MSRT, Defender Definitions, Junk Mail Filter –MS IE, Remote Execution – Out of Band Patch –MS Windows Could Allow, Remote Execution –MS SMB Client, Remote Execution –MS Windows Kernel, Privilege Escalation –MS VBScript, Remote Execution –MS Office Publisher, Remote Execution –MS Exchange and Windows SMTP Service, DoS –MS Windows Media Services, Remote Execution –MS Microsoft MPEG Layer-3 Codecs, Remote Execution –MS Media Player, Remote Execution –MS Visio, Remote Execution –MS Windows ISATAP Component, Spoofing Patch Tuesday
Oracle Patches Released –47 critical patches Adobe, 1 patche –APSB10-09 Adobe Reader and Acrobat –Install Apple, –OSX released –QuickTime released –iTunes 9.1 released –AirPort Base Station released Browsers –Firefox, Chrome, Opera Holes / Patches
MS virtual machine and doublespeak “There is no vulnerability introduced, just a loss of certain security protection mechanisms.” But wait didn’t you just say….. “First and foremost, customers should rest assured that this advisory does not affect the security of Windows 7 systems directly. The security safeguards (DEP, ASLR, SafeSEH, etc.) that are in place remain effective at helping protect users from malware on that system. In addition, Our Windows Server virtualization technology, Hyper-V, is also not affected by this advisory. Applications running inside a Hyper-V guest continue to benefit from these same security safeguards.” Core Security Technologies “A Core Security Exploit Writer working with CoreLabs, the research arm of Core Security Technologies, found that affected versions of Virtual PC hypervisor contain a vulnerability that may allow attackers to bypass several security mechanisms of the Windows operating system to compromise vulnerable virtualized systems. The issue may also transform a certain type of common software bug into exploitable vulnerabilities. Affected versions of the product include: Microsoft Virtual PC 2007, Virtual PC 2007 SP1, Windows Virtual PC and Microsoft Virtual Server On Windows 7 the XP Mode feature is affected by the vulnerability. Microsoft Hyper-V technology is not affected by this problem. The issue was reported to Microsoft in August of The vendor indicated that it plans to solve the problem in future updates to the vulnerable products. “ Holes / Patches
ie o-day Java –installing an alternate malicious library an attacker could compromise the machine. Cisco –15 patches released. –Unified Communications DoS VMWare –DoS –VMnc codec –VMware Remote Console ClamAV bypass –Clam 0.96 released Holes / Patches
Hacking Disgruntled Austinian DoS’ed100+ cars Apache - XSS on issue tracking site exploited "If you are a user of the Apache-hosted JIRA, Bugzilla or Confluence, a hashed copy of your password has been compromised,“
[In]secure Magazine 25 NIST Guide for PII Papers
skipfish 1.31b webappsec recon owasp codwcrawler 2.5 webappsec code review tool vicnum 14 vulnerable app Webraider custom metasploit Sahi webappsec Pulledpork snort rule manager / oinkmaster replacement stream armor ads tool Updates
CON Events CanSecWest Mar 24 BlackHat Europe Apr 12 Notacon Apr 15 Toorcon Seatle Apr 18 HITB Dubai Apr 19 THOTCON 0x1 Apr 23 rd – Sold Out Source Apr 24 Interop Vegas Apr 25
All images scavenged without permission