
The MSRC 2017 list of “Top 100” security researchers

2017-08-08 KENNETH 0

Security researchers play an essential role in Microsoft’s security strategy and are key to community-based defense. To show our appreciation for their hard work and partnership, each year at BlackHat North America, the Microsoft Security Response Center highlights contributions of these researchers through the list of “Top 100” security researchers reporting to Microsoft. This list ranks security researchers reporting directly to Microsoft according to the quantity and quality of all reports for which we’ve issued fixes. While one criterion for the ranking is the volume of reports a researcher has made, the severity and impact of the reports are very important to the ranking. Higher-impact issues carry more weight than lower-impact ones. While this list does not include security researchers who report to our partners ZDI and iDefense as we do not [ more… ]


USN-3380-1: FreeRDP vulnerabilities

2017-08-08 KENNETH 0

Ubuntu Security Notice USN-3380-1, 7th August, 2017: freerdp vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS

Summary: Several security issues were fixed in FreeRDP.

Software description: freerdp – RDP client for Windows Terminal Services

Details: It was discovered that FreeRDP incorrectly handled certain width and height values. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS. (CVE-2014-0250)

It was discovered that FreeRDP incorrectly handled certain values in a Scope List. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-0791)

Tyler Bohan discovered that FreeRDP incorrectly handled certain length values. A malicious server could use this [ more… ]


RHSA-2017:2425-1: Moderate: rh-postgresql95-postgresql security update

2017-08-08 KENNETH 0

RHN Satellite and Proxy: An update for rh-postgresql95-postgresql is now available for Red Hat Satellite 5.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This update applies only to Satellite 5.7 instances using either embedded or managed PostgreSQL databases. There are manual steps required in order to finish the migration from postgresql92-postgresql to rh-postgresql95-postgresql. If these steps are not undertaken, the affected Satellite will continue to use PostgreSQL 9.2. postgresql92-postgresql will be upgraded automatically to rh-postgresql95-postgresql as part of an upgrade to Satellite 5.8.

CVE-2016-5423, CVE-2016-5424, CVE-2017-7484, CVE-2017-7485, CVE-2017-7486

Source: RHSA-2017:2425-1: Moderate: rh-postgresql95-postgresql security update

Windows 10 Tip: See your 3D creations take life in Remix 3D

2017-08-08 KENNETH 0

Last week, we announced new capabilities in Remix 3D – Parts and Remixes – an all-new way to experience the relationship between 3D content and see how it can transform and take new life when shared with a creative community.

Here’s how to get started with Parts and Remixes: On any model page on Remix3D.com, you’ll see two new tabs: Parts and Remixes. Simply click on Parts and scroll down to see the individual parts that make up the model. A dog with a party hat and party favor may have three parts: the dog model, the hat model and the party favor model. But what if someone remixes that dog and adds a birthday cake? That would appear under Remixes. The Remixes tab is a way to [ more… ]


USN-3212-4: LibTIFF vulnerabilities

2017-08-08 KENNETH 0

Ubuntu Security Notice USN-3212-4, 7th August, 2017: tiff vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS

Summary: LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file.

Software description: tiff – Tag Image File Format (TIFF) library

Details: USN-3212-1 fixed several issues in LibTIFF. This update provides a subset of corresponding update for Ubuntu 12.04 ESM.

Mei Wang discovered multiple integer overflows in LibTIFF which allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image, which triggers an out-of-bounds write. (CVE-2016-3945)

It was discovered that LibTIFF is vulnerable to a heap buffer overflow in the resulting in DoS or code execution via a crafted BitsPerSample value. (CVE-2017-5225)

Original advisory details: It was discovered that LibTIFF incorrectly handled [ more… ]