Posts Tagged ‘Microsoft Windows’

dangerous flaw in windowsMicrosoft patches two critical vulnerabilities in the Windows:

  • Directory traversal attack CVE-2015-0016 (vulnerability exists in the TS WebProxy Windows component)
  • Buffer Overflow Vulnerability CVE-2015-0014 (A buffer overflow vulnerability exists in Windows Telnet service)

Bypass security restrictions in Microsoft Windows (Directory traversal attack)

Danger level: High
The presence of fixes: Yes
The number of vulnerabilities: 1 (more…)


dangerous flaw in windowsCritical Vulnerability: Remote Code Execution in Microsoft Windows

Microsoft warns users about 0-day attacks via PowerPoint OLE objects. Hackers are exploiting a zero-day vulnerability in Windows.

Vulnerability in Microsoft OLE Could Allow Remote Code Execution and affecting all supported releases of Microsoft Windows, excluding Windows Server 2003.

Today, Microsoft has released Security Advisory 3010060 as well as the “Fix It” temporary patch. A new ID, CVE-2014-6352, has been assigned to track this issue. (more…)


SandwormZero-day vulnerability in all versions of Windows

On Tuesday, October 14, 2014, iSIGHT Partners – in close collaboration with Microsoft – announced the discovery of a zero-day vulnerability impacting all supported versions of Microsoft Windows and Windows Server 2008 and 2012.

Researchers at iSIGHT Partners said that the team, which they’ve dubbed Sandworm, likely has been active since 2009. (The sandworm is a fictional form of desert-dwelling creature from the Dune universe created by Frank Herbert – From Wikipedia, the free encyclopedia.)

Microsoft is making a patch for this vulnerability available as part of patch updates on the 14th – CVE-2014-4114. (more…)

Vulnerabilities in Microsoft Windows

Vulnerabilities in Microsoft Windows

Multiple vulnerabilities in Microsoft Windows

1. Vulnerability in the processing of checking revocation IP-HTTPS certificates in Microsoft Windows

Danger: Low
Patch: Yes
Number of vulnerabilities: 1

CVE ID: CVE-2012-2549
Vector of operation: Remote
Impact: Security Bypass

Affected Products: Microsoft Windows Server 2008, Windows Server 2012

Affected versions: Microsoft Windows 2008 R2, Windows 2012

Description:

Which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to insufficient authentication certificates in IP-HTTPS component. A remote user can use the revoked certificate as valid.

Manufacturer URL: www.microsoft.com (more…)

Vulnerability

Elevation of Privilege

Vulnerability: Elevation of Privilege in Microsoft Windows

Danger: Low
Patch: Yes
Number of vulnerabilities: 2

CVE ID: CVE-2012-2530
CVE-2012-2553
Vector of operation: Local Net
Impact: Privilege escalation

Affected products: Microsoft Windows XP Home Edition, Windows XP Professiona, Windows Server 2003 Web Edition, Windows Server 2003 Standard Edition, Windows Server 2003 Enterprise Edition, Windows Server 2003 Datacenter Edition, Windows Storage Server 2003, Windows Vista, Windows Server 2008, Windows 7.

Affected versions: Microsoft Windows XP, Microsoft Windows 2003, Microsoft Windows Vista, Microsoft Windows 2008, Microsoft Windows 7, Microsoft Windows 2008 R2. (more…)

Adobe Flash

Vulnerabilities in Flash Player for Windows

Vulnerability: Multiple vulnerabilities in Flash Player for Microsoft Windows

Danger: High
Patch: Yes
Quantity of vulnerabilities: 7

CVE ID: CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, CVE-2012-5277, CVE-2012-5278, CVE-2012-5279, CVE-2012-5280

Impact:
– Security Bypass
– Compromise of

Affected Products:
– Microsoft Windows 8;
– Microsoft Windows Server 2012. (more…)