September 8, 2009 11:37 PM
Posted by: Ken Harthun
Critical update,
insecure,
Microsoft Windows,
Networking,
Patch management,
Patch Tuesday,
Remote Code Execution,
Security,
Security bulletin,
Vulnerabilities,
Wireless securityAll of them are critical, but not a single one of them affects Windows 7, scheduled for release on October 22.
The most dangerous flaw covered by this month’s batch of patches is a remote code execution vulnerability in the way that the JScript scripting engine decodes script in Web...
July 29, 2009 9:08 PM
Posted by: Ken Harthun
Embedded systems,
Exploits,
Firewalls,
Hacking,
insecure,
Remote Code Execution,
Security,
Security management,
Storage,
VulnerabilitiesI don’t know how many times I’ve told people that the embedded management interface on most devices is a security breach waiting to happen. I just got wind of some news, but can’t seem to find anything more than this mention. As soon as I dig up some details, I’ll let you know. This...
December 24, 2008 4:43 PM
Posted by: Ken Harthun
Database,
Remote Code Execution,
Security,
SQL Server,
VulnerabilitiesMicrosoft's latest Security Advisory (961040) covers a vulnerability in SQL Server that could allow remote code execution:
Microsoft is investigating new public reports of a vulnerability that could allow...
December 12, 2008 9:44 PM
Posted by: Ken Harthun
Critical update,
Firefox,
Internet Explorer,
Malware,
Opinion,
Remote Code Execution,
Security,
Security bulletin,
Vulnerabilities,
Zero-day exploit,
Zero-day vulnerabilityEven though Microsoft released the biggest batch of patches ever on Tuesday--28 flaws affecting Windows, Office, Internet Explorer, Visual Basic Active Controls and Windows Media Player, 23 of them rated “critical”--there's no fix for a zero-day XML parser vulnerability that surfaced the same...
October 29, 2008 3:04 PM
Posted by: Ken Harthun
Browsers,
Opera,
Remote Code Execution,
Security bulletin,
Zero-day exploit,
Zero-day vulnerabilityJust as Opera completed patches for critical vulnerabilities in its browser, researchers discovered another remote code execution bug. In its recent article, "Opera scrambles to quash zero-day bug in...
October 23, 2008 8:29 PM
Posted by: Ken Harthun
Critical update,
Malware,
Microsoft Windows,
Remote Code Execution,
Security,
Security bulletin,
VulnerabilitiesMicrosoft just released a critical update for a "privately reported" vulnerability in the server service:
This security update resolves a privately reported vulnerability in the Server service. The...
June 5, 2008 1:30 PM
Posted by: Ken Harthun
Apple,
Browsers,
Microsoft Windows,
Remote Code Execution,
Security,
VulnerabilitiesMicrosoft has issued Security Advisory 953818 advising Safari users to "restrict use of Safari as a web browser until an appropriate update is available from Microsoft and/or Apple." According to...
May 29, 2008 8:14 PM
Posted by: Ken Harthun
Cyber warfare,
Opinion,
Remote Code Execution,
Security,
Security management,
VulnerabilitiesIt has long been an "everybody knows" that viruses and other malware cannot physically damage hardware. We've all seen those alarming emails that say, "...the virus destroys Sector Zero, thus permanently destroying the hard disk," a statement we know is rubbish; at worst, the disk is rendered...
May 22, 2008 7:38 PM
Posted by: Ken Harthun
Buffer Overflow,
Remote Code Execution,
Security,
VulnerabilitiesSince I discovered Foxit Reader in early 2006, I've been recommending it to everyone. There's no question it's a best-of-breed tool for speed and simplicity. But recently, Secunia issued a
