Tageszusammenfassung - Montag 14-01-2013

End-of-Shift report

Timeframe: Freitag 11-01-2013 18:00 − Montag 14-01-2013 18:00 Handler: Stephan Richter Co-Handler: Otmar Lendl

Microsoft Lync Server 2010 Remote Code Execution/XSS User Agent Header

Topic: Microsoft Lync Server 2010 Remote Code Execution/XSS User Agent Header Risk: High Text:Summary = Microsoft Lync 2010 fails to properly sanitize user-supplied input, which can lead to remote code execution. ...


Java SE 5/6/7 critical security issue

Topic: Java SE 5/6/7 critical security issue Risk: High Text:Weve recently discovered yet another security vulnerability affecting all latest versions of Oracle Java SE software. The im...


Sysinternals Updates, (Sun, Jan 13th)

A handlers shift usually doesnt go by without Roseman writing in telling us that Microsoft have released another Sysinternals update and today is one of those days. A couple of days has passed since Microsoft announced: Autoruns v11.4: Autoruns v11.4 adds additional startup locations, fixes several bugs related to image path parsing, adds better support for browsing folders on WinPE, and fixes a Wow64 redirection bug. Procdump v5.12: This Procdump update fixes a bug introduced in v5.11...


ICS-CERT berichtet von Viren-Infektionen bei US-Stromversorgern

Über USB-Sticks werden die industriellen Steuerungssysteme eines US-Stromversorgers und eines Elektrizitätswerks mit Schadsoftware infiziert. Das ICS-CERT begrenzt den Schaden. Das "Project Shine" kann auf Schwachstellen aufmerksam machen.


Microsoft to release emergency Internet Explorer patch on Monday

"Microsoft will release a patch on Monday for older versions of its Internet Explorer browser, deviating from its normal repair schedule due to the seriousness of the problem. The vulnerability, which is present in IE 6, 7 and 8, is a memory corruption issue. It can be exploited by an attacker via a drive-by download, a term for loading a website with attack code that delivers malware to a victims computer if the person merely visits the website...."


Vuln: Qt QSslSocket::sslErrors() Certificate Validation Security Weakness

Qt QSslSocket::sslErrors() Certificate Validation Security Weakness


Heads-Up - Oracle Critical Patch Update Pre-Release Announcement - January 2013

"DescriptionThis Critical Patch Update Pre-Release Announcement provides advance information about the Oracle Critical Patch Update for January 2013, which will be released on Tuesday, January 15, 2013. While this Pre-Release Announcement is as accurate as possible at the time of publication, the information it contains may change before publication of the Critical Patch Update Advisory. A Critical Patch Update is a collection of patches for multiple security vulnerabilities...."


Emergency patch for Java fails to fix cybercrime holes, warn experts

ORACLE released an emergency update to its Java software for surfing the Web last night, but security experts said the update fails to protect PCs from attack by hackers intent on committing cyber crimes.