Tag Archives: Vulnerability

.SettingContent-ms files put Windows 10 at risk

[German]Microsoft has introduced a new file format (.SettingContent-ms) for Windows 10 in 2015. However, this file format proves to be a weak point, as any commands and applications can be defined for execution via the underlying XML structures.

Posted in Security, Windows | Tagged , | Leave a comment

Advertising

Critical vulnerabilities in Microsoft’s Malware Protection Engine (CVE-2017-11937 and CVE-2017-11940)

[German]Microsoft’s Malware Protection Engine has a critical memory corruption vulnerability that allows remote code execution. Microsoft released a security advisory on December 6, 2017 and says corresponding security updates are available. Here are what I found out till now. [Update: … Continue reading

Posted in Security, Update, Windows | Tagged , , , | 2 Comments

Critical vulnerability in HPE Integrated Lights-out 4 (iLO 4)

[German]The management software Integrated Lights-out 4 (iLO 4) for HP-Proliant Server has a critical vulnerability, allowing remote code execution on a system without login.

Posted in devices, issue, Security, Update | Tagged , , | Leave a comment

US-CERT warns: Microsoft Windows LNK vulnerability

[German]US-CERT issued a warning: Microsoft Windows automatically executes code specified in shortcut (LNK) files. This allows attackers to execute malware during viewing a lnk file. A public exploit is available.

Posted in Security, Windows | Tagged , , | Leave a comment

WINS is legacy and vulnerable, use DNS instead

[German]Today just a short note for Windows Administrators in enterprises. Windows Internet Name Service (WINS) is legacy and contains a vulnerability. Therefore WINS should not be deployed anymore. Switch to DNS instead.

Posted in Security, Windows | Tagged , , , , , | Leave a comment

Advertising

New details to Intel’s AMT vulnerability

On Mai 1, 2017 Intel disclosed the AMT vulnerability (INTEL-SA-00075), without publishing details. Security Researcher from Tenable has analyzed this vulnerability.

Posted in computer, Security | Tagged , , , , , | Leave a comment

Warning: Dridex botnet addresses Word zero day vulnerability

User of Microsoft Word should be rather careful, because there is a zero day vulnerability within Microsoft Word. Now Dridex botnet sends millions of spam e-mails to users, containing malware attachments, addressing this Microsoft Word zero day exploit.

Posted in Office, Security | Tagged , , , , | Leave a comment

Critical vulnerabilities in Kaspersky Internet Security

Four critical vulnerabilities has been reported in Kaspersky Internet Security Version 16.0.0 (and probably in other Kaspersky products). Kaspersky has fixed this vulnerabilities with an update.

Posted in Update, Windows | Tagged , , , | Leave a comment

Vulnerabilities and Backdoors in Dell’s SonicWALL

Some bad news for users of Dell’s SonicWALL security solution. Security researchers has identified six Vulnerabilities including a hidden ‘Backdoor’ in Dell’s SonicWALL Global Management System (GMS), Version 8.1 (Build: 8110.1197).

Posted in computer | Tagged , , | Leave a comment

Security flaw in Symantec’s AV products sets you at risk

Bad news for all computer users (Windows and Mac OS) working with Symantec’s Anti Virus-/security solutions. Tavis Ormandy from Google’s project zero has uncovered a vulnerability that affects all Norton/Symantec security products.

Posted in Windows | Tagged , , , , | Leave a comment