Microsoft to release nine bulletins on Tuesday
Posted on 10 August 2012.
For the second month running, Microsoft’s Patch Tuesday Advanced Notification includes nine bulletins. This month, five are rated ‘critical’ and four ‘important’.

This month is a mixed bag of critical bulletins which affects workstations, browser, server, and productivity products. Bulletin 1 is rated critical and will address Internet Explorer 6, 7, and 8. Browser bulletins always deserve attention since client-side browser attacks are the de facto way to compromise corporate networks.

Microsoft Office products have three bulletins dedicated to them. Bulletin 4 is a critical bulletin which looks like it may fix the remaining vulnerabilities in Microsoft XML Core Services. Bulletin 8, rated important, affects Microsoft Office 2007 & 2010.

Bulletin 9 is also rated important and affects Visio 2010. It should be noted that one or more of these Office-related vulnerabilities could also affect Mac users.

Bulletin 5 is one to pay attention to since it addresses a critical remote code execution vulnerability in Microsoft Exchange. This is interesting from an exploitation standpoint because Exchange servers are usually exposed on the Internet.

When attackers hear “remote code execution on Exchange” it’s music to their ears. They could see potential for remote discovery, remote exploitation and propagation of attacks since Exchange is the epicenter of most organizations’ communications. Email servers are prime targets for exploitation.


Author: Marcus Carey, security researcher at Rapid7.





Spotlight

Operation Pawn Storm: Varied targets and attack vectors, next-level spear-phishing tactics

Posted on 23 October 2014.  |  Targets of the spear phishing emails included staff at the Ministry of Defense in France, in the Vatican Embassy in Iraq, military officials from a number of countries, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //