Light Patch Tuesday coming up
Posted on 09 January 2014.
2014 is getting off to a light start with Microsoft. Only four advisories in the January advance notification.

For the first time in a while, there is not a cumulative IE roll up patch. This must be an indication that the IE team was finally allowed to take some time off over the holidays in light of the grueling 2013 they put in. Expect them back in February, no doubt.

The second bulletin, likely MS14-002, will address the somewhat awaited kernel elevation of privilege issues known as CVE-2013-5065, which was reported and disclosed back in November with some limited exploitation in the wild. The issue only affects Windows XP and 2003 systems, but if you are running those I would consider this something to patch quickly.

The third bulletin is another elevation of privilege issue affecting Windows 7 and 2008, so if you dodged a bullet with CVE-2013-5065, you are still impacted by this one. No getting out of it this month.

The fourth bulletin is a denial of service in the seldom seen Microsoft Dynamics product. This is about as marginal a concern as you can get to in terms of MS advisories.

Itís a pretty easy prioritization this month. Patch MS14-001, then whichever of 002 or 003 apply to you. Patch the DoS in MS Dynamics when you are really bored sometimeÖ no, just kidding. If you have Dynamics in your environment, donít overlook it. Itís the type of system where downtime can have a material cost to your business.


Author: Ross Barrett, Senior Manager, Security Engineering, Rapid7.





Spotlight

The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Aug 29th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //