Microsoft to release three critical fixes
Posted on 09 August 2013.
The August 2013 Patch Tuesday advance notification includes a slightly higher volume of fixes than last month, but only 3 of 8 are critical, which is down from July’s 6 of 7 critical fixes. However, in a reversal from last month, the advisories are focused on Windows operating system patches, plus one Exchange issue.

Remember that a “critical” rating from Microsoft factors in the vulnerability's exploitability and whether it has been responsibly disclosed. Given this, we could be looking at a number of issues that are in the wild.

I would consider Bulletin #3 to be of the greatest concern, as it affects all supported versions of Microsoft's Exchange Server and is rated as critical with remote code execution. If this is truly a remotely exploitable issue that does not require user interaction, then it's a potentially wormable issue and definitely should be put at the top of the patching priority list.

Bulletin #1 is the monthly patch for Internet Explorer’s critical issues and should be the second prioritized patch, given its rating and broad exposure.

The third critical issue is Bulletin #2 and only applies to Windows XP and 2003. Therefore, for some organizations this patch may be of less concern, if they have already moved to newer Windows versions.

The other five advisories, two Elevation of Privilege, two Denial of Service (DoS), and one Information Disclosure, are spread across Windows versions, with the only remarkable point being that one of the DoS vulnerabilities applies exclusively to Server 2012.

Author: Ross Barrett, Senior Manager, Security Engineering, Rapid7.

