gHacks technology news » vulnerabilities

Microsoft Patch Tuesday December 08

Martin — Wed, 10 Dec 2008 21:06:27 +0000

Microsoft released another batch of patches using their regular schedule. A total of eight security bulletins have been published that contain descriptions of security vulnerabilities of which six have been classified as critical and two as important.

The easiest way to install the patches is by downloading and installing the security patches at Windows Update which provides access to all security updates even for users who run a non legit version of Windows.

Microsoft did also release a new version of the Windows Malicious Software Removal Tool which is now able to detect two new families of malware (Win32/FakeXPA and Win32/Yektel)

MS08-070: Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349) which is rated “Critical”
MS08-071: Vulnerabilities in GDI Could Allow Remote Code Execution (956802) which is rated “Critical”
MS08-072: Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173) which is rated “Critical”
MS08-073: Cumulative Security Update for Internet Explorer (958215) which is rated “Critical”
MS08-074: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070) which is rated “Critical”
MS08-075: Vulnerabilities in Windows Search Could Allow Remote Code Execution (959349) which is rated “Critical”
MS08-076: Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807) which is rated “Important”
MS08-077: Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege (957175) which is rated “Important”

Windows users should install the updates as soon as possible to secure their computer system.

Tags: microsoft patchday, microsoft patches, patch tuesday, vulnerabilities, windows patches, windows security, windows-update

Five common Web application vulnerabilities

Martin — Wed, 03 May 2006 15:52:28 +0000

The article “Five common Web application vulnerabilities” lists and explains five common attack forms and presents an example how this vulnerability could have been exploited. The explanation is clearly aimed at people who do not have dealt with such vulnerabilities before, seems to be a great way to start and getting informed.
The five attacks in question are:

Remote code execution
SQL injection
Format string vulnerabilities
Cross Site Scripting (XSS)
Username enumeration

Another great feature of this article is the reference section beneath each attack form which provides you with more indepth information about the subject. Again, a great way to get started.

Tags: Security, vulnerabilities

Scurn – Security Vulnerability Search Engine

Martin — Tue, 18 Apr 2006 07:17:19 +0000

Cirt.net provides an easy and fast way to search many sites that post security vulnerabilites. The search engine uses the databases of the following sites: Bugtraq, CVE, ISS, OSVDB, Secunia, Snort, Nessus, Packetstorm, Security Tracker, Bugtraq Mailing List and Full-Disclosure Mailing List. The latest security vulnerabilites are reported to those sites and you are able to check them all with this search engine.

This is great for everyone who works with more than one of those sites, get ready to save some time. It´s also a great way for website owners to stay up to date and secure their websites by knowing and fixing the latest publically known vulnerabilities.

Tags: scurn, Security, vulnerabilities

gHacks technology news » vulnerabilities

Microsoft Patch Tuesday December 08

Related posts

Five common Web application vulnerabilities

Related posts

Scurn – Security Vulnerability Search Engine

Related posts