Adobe Flash Player and AIR Domain Sandbox Bypass Vulnerability (APSB10-06)

Two (2) potential risks are associated with this vulnerability: a Denial of Service issue (CVE-2010-0187), and allowing users to make unauthorized cross-domain requests. We recommend verifying the version number of the present Adobe Flash Player and then reviewing the solution in order to resolve this issue. See below on how to verify the version number and reviewing the…

Adobe Acrobat and Reader Multiple Vulnerabilities (APSB16-14)

Users on Windows and Macintosh systems can utilize the Adobe product’s update mechanism. The default configuration is set to run automatic update checks on a regular schedule. Adobe recommends users update their software installations to the latest versions by following the instructions below. The latest product versions are available to end users via one of…

Administrator Account’s Password Does Not Expire

While there are queries that can be run in Active Directory Administrative Center to determine which accounts haven’t had their passwords changed recently, this is not a task that’s likely to be performed by anyone outside the administration team. Ultimately, whether you select the “password never expires” option is up to you. Enabling it does…

Configuring Anonymous FTP Authentication (IIS 6.0)

You can configure your FTP server to allow anonymous access to FTP resources. If you select Anonymous FTP authentication for a resource, all requests for that resource are accepted without prompting the user for a user name or password. This is possible because IIS automatically creates a Windows user account called IUSR_computername, where computername is…

7-Zip gets an update to fix major security vulnerabilities

Security researchers from Talos have written a bunch of fancy words on their blog here, which basically say 7-Zip has a couple of serious security flaws. Everyone’s up in arms about it, too. There are two major security flaws found in the program, one which allows hackers to remotely execute code (basically run programs from…

Tuesday Patch Releases

As part of the monthly security bulletin release cycle, Microsoft provides advance notification to their customers concerning the number of new security updates being released and the products affected. This is intended to help customers plan for the deployment of these security updates more effectively. Solutions to Microsoft problems are usually released every second Tuesday…

Remote code execution (RCE)

Remote code execution (RCE) is an attacker’s ability to access another person’s computer and make modifications to it, regardless of where the system is geographically located. Vulnerabilities can give an attacker the ability to execute malicious code and take full control of an affected system with the privileges of the person operating the…

December 2016 – Microsoft Security Update

Microsoft Security Updates and Problems (December 2016). The release date for this bulletin is the 13th December 2016. The Microsoft updates or patches listed below will require a restart of services or server in order to be applied effectively. The severity ratings are Critical and Important, whereas the vulnerability impact includes remote code execution, elevation of privileges and information disclosure….

November 2016 – Microsoft Security Updates

Microsoft Problems with Security Updates (November 2016). The release date for this bulletin is the 08th November 2016. The severity ratings are Critical and Important, whereas the vulnerability impact includes remote code execution, elevation of privileges and information disclosure. The Microsoft updates/patches listed below will require a restart of services or server in order to be applied effectively. Bulletin number Title Security…