|
Vulnerabilities & Exploits |
|
|
|
Vulnerabilities & Exploits
|
-
Cisco WebEx Meeting Manager Drive-By Exploit
On August 20, our honeypots began to receive attacks against the Cisco WebEx Meeting Manager vulnerability. This August 6 vulnerability exists in the ActiveX control used by WebEx to permit users to participate in meetings via Internet Explorer. Users running the vulnerable version of the Webex control who happened upon a Web site distributing the exploit would become infected. The first exploits that we have seen so far have been served via gaming sites that have had the exploit package injected on to them.
-
Microsoft Patch Tuesday for August 2008
Hello and welcome to this month’s blog on the Microsoft patch releases. This is one of the largest releases with 11 bulletins covering 26 vulnerabilities. Seventeen of the vulnerabilities are client-side issues rated “critical;” the remaining nine are rated “important.”
-
ActiveX Vulnerabilities: Even When You Aren't Vulnerable, You May Be Vulnerable
Recently, we came across a rather unfortunate exploit case for the Access Snapshot Viewer ActiveX Vulnerability that took advantage of a property of the ActiveX system to exploit IE users who did not have the vulnerable control installed. How does one exploit a vulnerability that does not exist on a system you say?
-
Microsoft Access Snapshot Viewer Exploited in Neosploit Wrapper
On July 7, Microsoft released a Security Bulletin outlining a vulnerability in the Access Snapshot Viewer ActiveX control. On or about this date, our honeypots began detecting this vulnerability exploited in what I can only describe as a Neosploit wrapper.
-
Microsoft Patch Tuesday for July 2008
Hello and welcome to this month’s blog on the Microsoft patch releases. This is a relatively light month; the vendor is releasing four bulletins that cover a total of nine vulnerabilities. All nine of the issues are rated “important” this month.
-
Patch Management – Speed is of the Essence
Most people are well aware of the potential problem posed by software vulnerabilities that are publicly announced, but many of these vulnerabilities can remain unpatched by the relevant vendors. Dealing effectively with security problems posed by software vulnerabilities is a two-way street. You count on your software vendors to quickly bring
-
Microsoft Patch Tuesday for June 2008
Hello and welcome to this month’s blog on the Microsoft patch releases. The vendor is releasing seven bulletins that cover a total of 10 vulnerabilities. Of those, four are rated “Critical”, four are rated “Important”, and two are rated “Moderate.” While most of the critical vulnerabilities are the ever popular client-side issues (DirectX and Internet Explorer), the remaining issue in Bluetooth could allow an attacker within physical range of an affected computer to exploit the issue and take complete control of that computer. The remaining issues affect WINS, Active Directory, Speech API, and PGM.
-
Chinese Earthquake Triggers Web Aftershocks
From the moment the recent earthquake struck in China on May 12th, mass grief poured out from within the Chinese population at the loss of their loved ones. Many thousands of people have donated their time and money, while some have prayed and expressed their grief using the Web. Unfortunately, as is so often the case in such tragic circumstances, miscreants are all too ready to try and create mayhem and profit from the misfortune of others.
|
|
