No Image

MS15-106 – Critical: Cumulative Security Update for Internet Explorer (3096441) – Version: 2.0

2015-10-29 KENNETH 0

Severity Rating: CriticalRevision Note: V2.0 (October 29, 2015): Bulletin revised to announce the release of a new Windows 10 cumulative update (3105210) to address an additional vulnerability, CVE-2015-6045, which has been added to this bulletin. Only customers running Windows 10 systems need to install this new update. Earlier operating systems are either not affected or have received the fix in the original updates of October 13, 2015. See Microsoft Knowledge Base Article 3105210 for more information and the download link.Summary: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system [ more… ]

No Image

MS15-OCT – Microsoft Security Bulletin Summary for October 2015 – Version: 2.0

2015-10-29 KENNETH 0

Revision Note: V2.0 (October 29, 2015): For MS15-106, Bulletin Summary revised to announce the release of a new Windows 10 cumulative update (3105210) to address an additional vulnerability, CVE-2015-6045, and to add this vulnerability to the Exploitability Index. Only customers running Windows 10 systems need to install this new update. Earlier operating systems are either not affected or they received the fix in the original updates of October 13, 2015. See Microsoft Knowledge Base Article 3105210 for more information and the download link.Summary: This bulletin summary lists security bulletins released for October 2015. Source: ms-security

No Image

MS15-111 – Important: Security Update for Windows Kernel to Address Elevation of Privilege (3096447) – Version: 1.2

2015-10-29 KENNETH 0

Severity Rating: ImportantRevision Note: V1.2 (October 29, 2015): Bulletin revised to announce a detection change in the 3088195 update for all supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1. The detection change temporarily blocks deployment of the 3088195 update to systems running a specific version of USB Blocker software that is incompatible with the update. For more information, see Microsoft Knowledge Base Article 3088195. Note: This is a detection change only. Customers who have already successfully updated their systems do not need to take any action. Summary: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. Source: [ more… ]

No Image

NTP 다중 취약점 보안 업데이트 권고

2015-10-26 KENNETH 0

□ 개요o NTP(Network Time Protocol)에서 발생한 원격코드실행 등 총 13개의 취약점을 보완한 보안 업데이트를 발표[1]o 공격자는 취약점에 영향 받는 시스템에 악의적인 명령어 실행 등의 피해를 발생시킬 수 있으므로 해결방안에 따라 최신버전으로 업데이트 권고 □ 설명o crypto-NAK을 통해 인증을 우회하는 취약점(CVE-2015-7871)o decodenetnum()함수에서 위조된 값에 대해 FAIL 반환하는 대신 오류 값을 발생하는 취약점(CVE-2015-7855) o 패스워드 길이 처리하는 과정에서 발생하는 메모리 손상 취약점(CVE-2015-7854)o refclock 드라이버에서 부적절한 데이터 길이로 인해 발생하는 버퍼오버플로우 취약점(CVE-2015-7853)o ntpq atoascii()함수에서 발생하는 메모리 손상 취약점(CVE-2015-7852)o saveconfig에서 발생하는 디렉토리 접근 취약점(CVE-2015-7851)o NTP의 원격 구성 기능에서 발생하는 DoS 취약점(CVE-2015-7850)o trusted key에서 발생하는 use-after-free 취약점(CVE-2015-7849)o 조작된 패킷에 의해 7 loop counter를 처리할 때, 발생할 수 있는 Out-Of-Bounds 취약점(CVE-2015-7848)o CRYPTO-ASSOC에서 발생하는 메모리 손상 취약점(CVE-2015-7701)o “pidfile”과 “driftfile”만 허용 가능한 디렉토리 접근 취약점(CVE-2015-7703)o timestamp 유효성 검사를 하는 클라이언트에서 발생할 수 있는 KoD 취약점(CVE-2015-7704, CVE-2015-7705)o autokey 데이터 패킷 길이 체크 시 발생하는 취약점(CVE-2015-7691, CVE-2015-7692, CVE-2015-7702) □ 영향 받는 소프트웨어o [ more… ]