[월:] 2017년 07월

No Image

USN-3367-1: gdb vulnerabilities

2017-07-27 KENNETH 0

USN-3367-1: gdb vulnerabilities Ubuntu Security Notice USN-3367-1 26th July, 2017 gdb vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in gdb. Software description gdb – GNU Debugger Details Hanno Böck discovered that gdb incorrectly handled certain malformed AOUTheaders in PE executables. If a user or automated system were tricked intoprocessing a specially crafted binary, a remote attacker could use thisissue to cause gdb to crash, resulting in a denial of service, or possiblyexecute arbitrary code. This issue only applied to Ubuntu 14.04 LTS.(CVE-2014-8501) It was discovered that gdb incorrectly handled printing bad bytes in IntelHex objects. If a user or automated system were tricked into processing aspecially crafted binary, a remote attacker could use this issue to causegdb to crash, resulting in [ more… ]

No Image

USN-3368-1: libiberty vulnerabilities

2017-07-27 KENNETH 0

USN-3368-1: libiberty vulnerabilities Ubuntu Security Notice USN-3368-1 26th July, 2017 libiberty vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in libiberty. Software description libiberty – library of utility functions used by GNU programs Details It was discovered that libiberty incorrectly handled certain stringoperations. If a user or automated system were tricked into processing aspecially crafted binary, a remote attacker could use this issue to causelibiberty to crash, resulting in a denial of service, or possibly executearbitrary code. This issue only applied to Ubuntu 14.04 LTS and Ubuntu16.04 LTS. (CVE-2016-2226) It was discovered that libiberty incorrectly handled parsing certainbinaries. If a user or automated system were tricked into processing aspecially crafted binary, a remote attacker could use this issue to causelibiberty to crash, [ more… ]

Announcing Windows 10 Insider Preview Build 16251 for PC & Build 15235 for Mobile

2017-07-27 KENNETH 0

Announcing Windows 10 Insider Preview Build 16251 for PC & Build 15235 for Mobile Hello Windows Insiders! Today we are excited to release Windows 10 Insider Preview Build 16251 for PC to Windows Insiders in the Fast ring! The same build will be available for Insiders who opted in to Skip Ahead. We are also releasing Windows 10 Mobile Insider Preview Build 15235 to Insiders in the Fast ring. We won’t have a new Windows Server Insider Preview build for Windows Insiders this week. What’s New in Build 16251 For PC Windows lets you link your phone and PC You may remember at Build we talked about PCs and phones working better together. With Build 16251, we are introducing the first set of features that enable “linking” your phone to your PC. This build’s scenario is focused on cross-device web-browsing. [ more… ]

No Image

Announcing the Windows Bounty Program

2017-07-27 KENNETH 0

Announcing the Windows Bounty Program Windows 10 represents the best and newest in our strong commitment to security with world-class mitigations. One of Microsoft’s longstanding strategies toward improving software security involves investing in defensive technologies that make it difficult and costly for attackers to find, exploit and leverage vulnerabilities. We built in mitigations and defenses such as DEP, ASLR, CFG, CIG, ACG, Device Guard, and Credential Guard to harden our systems and we continue adding defenses such as Windows Defender Application Guard to significantly increase protection to harden entry points while ensuring the customer experience is seamless. In the spirit of maintaining a high security bar in Windows, we’re launching the Windows Bounty Program on July 26, 2017. This will include all features of the Windows Insider Preview in addition to focus areas in Hyper-V, Mitigation bypass, Windows Defender Application [ more… ]