Tag Archives: Vulnerability

Critical vulnerabilities in Microsoft’s Malware Protection Engine (CVE-2017-11937 and CVE-2017-11940)

[German]Microsoft’s Malware Protection Engine has a critical memory corruption vulnerability that allows remote code execution. Microsoft released a security advisory on December 6, 2017 and says corresponding security updates are available. Here are what I found out till now. [Update: … Continue reading

Posted in Security, Update, Windows | Tagged , , , | 2 Comments

Critical vulnerability in HPE Integrated Lights-out 4 (iLO 4)

[German]The management software Integrated Lights-out 4 (iLO 4) for HP-Proliant Server has a critical vulnerability, allowing remote code execution on a system without login.

Posted in devices, issue, Security, Update | Tagged , , | Leave a comment

US-CERT warns: Microsoft Windows LNK vulnerability

[German]US-CERT issued a warning: Microsoft Windows automatically executes code specified in shortcut (LNK) files. This allows attackers to execute malware during viewing a lnk file. A public exploit is available.

Posted in Security, Windows | Tagged , , | Leave a comment

WINS is legacy and vulnerable, use DNS instead

[German]Today just a short note for Windows Administrators in enterprises. Windows Internet Name Service (WINS) is legacy and contains a vulnerability. Therefore WINS should not be deployed anymore. Switch to DNS instead.

Posted in Security, Windows | Tagged , , , , , | Leave a comment

New details to Intel’s AMT vulnerability

On Mai 1, 2017 Intel disclosed the AMT vulnerability (INTEL-SA-00075), without publishing details. Security Researcher from Tenable has analyzed this vulnerability.

Posted in computer, Security | Tagged , , , , , | Leave a comment

Warning: Dridex botnet addresses Word zero day vulnerability

User of Microsoft Word should be rather careful, because there is a zero day vulnerability within Microsoft Word. Now Dridex botnet sends millions of spam e-mails to users, containing malware attachments, addressing this Microsoft Word zero day exploit.

Posted in Office, Security | Tagged , , , , | Leave a comment

Critical vulnerabilities in Kaspersky Internet Security

Four critical vulnerabilities has been reported in Kaspersky Internet Security Version 16.0.0 (and probably in other Kaspersky products). Kaspersky has fixed this vulnerabilities with an update.

Posted in Update, Windows | Tagged , , , | Leave a comment

Vulnerabilities and Backdoors in Dell’s SonicWALL

Some bad news for users of Dell’s SonicWALL security solution. Security researchers has identified six Vulnerabilities including a hidden ‘Backdoor’ in Dell’s SonicWALL Global Management System (GMS), Version 8.1 (Build: 8110.1197).

Posted in computer | Tagged , , | Leave a comment

Security flaw in Symantec’s AV products sets you at risk

Bad news for all computer users (Windows and Mac OS) working with Symantec’s Anti Virus-/security solutions. Tavis Ormandy from Google’s project zero has uncovered a vulnerability that affects all Norton/Symantec security products.

Posted in Windows | Tagged , , , , | Leave a comment

Warning: Vulnerabilities in VLC-Player 2.1.5

Today I like to address a mysterious security issue within VLC Player 2.1.5. This popular media player seems to have two security flaw in memory management, that can be used to execute any code.

Posted in computer, Windows | Tagged , , | Leave a comment