August 6th, 2010 . by DarkFiber Consulting
Microsoft has released security bulletin MS10-046 to address a critical vulnerability affecting Microsoft Windows. This vulnerability is due to the failure of Microsoft Windows to properly obtain icons for shortcut files. By convincing a user to display a specially crafted shortcut file, a remote attacker may be able to execute arbitrary code.
DarkFiber Consulting strongly encourages users and administrators to review Microsoft security bulletin MS10-046 and apply any necessary updates to mitigate the risks.
Additional information regarding this vulnerability can be found in the following:
Posted in Security Alerts | No Comments »
August 6th, 2010 . by DarkFiber Consulting
Foxit has released Foxit Reader 4.1.1.0805 to address a vulnerability associated with the improper rendering of PDF documents. Exploitation of this vulnerability may allow an attacker to execute arbitrary code.
DarkFiber Consulting encourages users and administrators to review the security release notes for Foxit Reader 4.1.1.0805 and apply any necessary updates to help mitigate the risks. Additional information regarding this vulnerability can be found in DarkFiber Consulting Vulnerability Note VU#275247.
DarkFiber Consulting will provide additional information as it becomes available.
June 23rd, 2010 . by DarkFiber Consulting
DarkFiber Consulting is aware of a vulnerability affecting the Microsoft Windows Help and Support Center. This vulnerability is due to improper sanitization of hcp:// URIs. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands.
DarkFiber Consulting encourages users and administrators to review Vulnerability Note VU#578319 and implement the workarounds to help mitigate the risks and reduce attack vectors.
DarkFiber Consulting will provide additional information as it becomes available.
January 27th, 2010 . by DarkFiber Consulting
Microsoft has released Security Advisory 979352 to alert users of a vulnerability in Microsoft Internet Explorer. The advisory indicates that exploitation of this vulnerability may allow an attacker to execute arbitrary code. Microsoft also indicates that it is aware of public, active exploitation of this vulnerability.
DarkFiber Consulting encourages users and administrators to review Microsoft Security Advisory 979352 and apply the suggested workaround of setting the Internet zone security setting to High to help mitigate the risks.
Additional information about this vulnerability can be found in Vulnerability Note VU#492515.
July 2nd, 2009 . by DarkFiber Consulting
Foxit has released updates addressing multiple vulnerabilities in Foxit Reader. By convincing a user to open a malicious PDF file, an attacker may be able to execute code or cause a vulnerable PDF viewer to crash. The PDF could be emailed as an attachment or hosted on a website.
DarkFiber Consulting encourages users to review the Foxit Security Bulletin and Vulnerability Note VU#251793 and apply any necessary updates.
October 27th, 2008 . by DarkFiber Consulting
Microsoft has released Security Advisory 958963 to alert users that exploit code is publicly available for the Windows Server Service vulnerability addressed in Microsoft Security Bulletin MS08-067. The advisory states that this exploit code has demonstrated arbitrary code execution on Windows 2000, XP and Server 2003.
DarkFiber Consulting encourages users and administrators to review Microsoft Security Advisory 958963 and apply the update or workarounds listed in Microsoft Security Bulletin MS08-067 to help mitigate the risks.
Additional information regarding the Windows Server Service vulnerability is available in:
September 9th, 2008 . by DarkFiber Consulting
In June, DarkFiber Consulting published Vulnerability Note VU#476345 to alert users of a vulnerability affecting Citect CitectSCADA. This vulnerability is due to a buffer overflow condition in the handling of ODBC requests from clients. Exploit code for this vulnerability is publicly available and exploitation may allow an attacker to execute arbitrary code.
DarkFiber Consulting encourages users to review Vulnerability Note VU#476345 and apply the patch as described in the document.
August 6th, 2008 . by DarkFiber Consulting
Oracle has released a patch to address a previously disclosed vulnerability in the WebLogic plug-in for Apache. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition.
DarkFiber Consulting encourages users to consider applying the patch and workarounds referenced in the Oracle Security Advisory and in Vulnerability Note VU#716387.
August 1st, 2008 . by DarkFiber Consulting
Apple has released Security Update 2008-005 to address multiple vulnerabilities that affect a number of applications. These vulnerabilities may allow an attacker to conduct DNS cache poisoning attacks, execute arbitrary code, cause a denial-of-service condition, or access the affected system with elevated privileges. Please note that this update addresses recent issues with weaknesses in common DNS implementations; see Vulnerability Note VU#800113 for additional information.
DarkFiber Consulting encourages users to review Apple Article HT2647 and apply any necessary updates as soon as possible to help mitigate the risks.
July 25th, 2008 . by DarkFiber Consulting
DarkFiber Consulting is aware of publicly available exploit code for a cache poisoning vulnerability in common DNS implementations. Exploitation of this vulnerability may allow an attacker to cause a nameserver’s clients to contact incorrect, and possibly malicious, hosts for particular services. As a result, web traffic, email and other important network data could be redirected to systems under the attacker’s control.
DarkFiber Consulting strongly urges administrators to patch affected systems immediately. Please review the following DarkFiber Consulting documents for further details:
DarkFiber Consulting will provide additional information as it becomes available.