BugTraq Latest Security Advisories

The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

Re: [FD] Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM

February 15, 2018 - 2:07am

Posted by Jeffrey Walton on Feb 14

Not sure if this is related, but:
https://winbuzzer.com/2018/02/14/microsoft-just-killed-skype-classic-response-unfixable-security-bug-xcxwbn/

Microsoft today squashed a bug that was found in Skype’s updater
process earlier this week. However, it seems the company’s method for
stopping the flaw is to kill off the Skype classic experience. If that
is the case, users of Skype on Windows 7 and Windows 8.1 could lose
access to the service.

As...

[SECURITY] [DSA 4113-1] libvorbis security update

February 15, 2018 - 2:05am

Posted by Moritz Muehlenhoff on Feb 14

-------------------------------------------------------------------------
Debian Security Advisory DSA-4113-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
February 14, 2018 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libvorbis
CVE ID : CVE-2017-14632 CVE-2017-14633...

NAT32 Build (22284) Remote Code Execution CVE-2018-6940 (hyp3rlinx / apparition security)

February 15, 2018 - 2:03am

Posted by apparitionsec on Feb 14

[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/NAT32-REMOTE-COMMAND-EXECUTION-CVE-2018-6940.txt
[+] ISR: Apparition Security

[-_-] D1rty0tis

Vendor:
=============
www.nat32.com

Product:
=================
NAT32 Build (22284)

NAT32 is a versatile IP Router implemented as a WIN32 application.

Vulnerability Type:
===================
Remote Command Execution

CVE Reference:...

Defense in depth -- the Microsoft way (part 52): HTTP used to distribute (security) updates, not HTTPS

February 14, 2018 - 7:29am

Posted by Stefan Kanthak on Feb 14

Hi @ll,

yesterday's "Security update deployment information: February 13, 2018"
<https://support.microsoft.com/en-us/help/20180213> links the following
MSKB articles for the security updates of Microsoft's Office products:
<https://support.microsoft.com/kb/4011715>
<https://support.microsoft.com/kb/4011200>
<https://support.microsoft.com/kb/3114874>
<https://support.microsoft.com/kb/4011707>
<...

[security bulletin] MFSBGN03800 rev.1 - Micro Focus Performance Center, Remote Arbitrary Code Execution or Remote Arbitrary File Modification

February 14, 2018 - 7:27am

Posted by cyber-psrt on Feb 14

Note: the current version of the following document is available here:
https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03091103

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: KM03091103
Version: 1

MFSBGN03800 rev.1 - Micro Focus Performance Center, Remote Arbitrary Code
Execution or Remote Arbitrary File Modification

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release...