Microsoft has a Telnet vulnerability which has a critical remote code execution. (MS15-002) https://technet.microsoft.com/library/security/ms15-jan This is true: “Only customers who enable telnet on Windows 2003 are affected (it is installed but not enabled). and Telnet is not installed on Vista or later operating systems” But if you did enable (or install and enable) it has … Read more
Checkpoint has the scoop: http://www.checkpoint.com/downloads/partners/TCC-Silverlight-Jan2015.pdf Silverlight exploits may be less common, but unfortunately this particular exploit obfuscates itself and can infect the desktop that has loaded Silverlight. Background to Silverlight: “The Silverlight framework enables the development of web applications with features similar to those of Adobe flash and Java Applets. The Silverlight runtime environment is … Read more
Patch Tuesday has passed, but the ramifications have not. All over sysadmins are deciding what patches to apply and when. Here is the report of what is happening: https://support.microsoft.com/kb/2992611 MS14-066 Schannel vulnerability is a bad remote code execution bug (must be patched) Internet Storm Center recommends this is a patch now kind of … Read more
Bromium report has the information plus a lot more. Two items of note in the report: 1. the type of exploits occurring in IE, Java and Flash The security system of the Operating system(ASLR and DEP) was exploited in Zero-day attacks in Internet Explorer(IE). The new Adobe Action Script feature was exploited in Flash And … Read more
