Tag Archives: Vulnerability
[German]Microsoft has introduced a new file format (.SettingContent-ms) for Windows 10 in 2015. However, this file format proves to be a weak point, as any commands and applications can be defined for execution via the underlying XML structures.
Critical vulnerabilities in Microsoft’s Malware Protection Engine (CVE-2017-11937 and CVE-2017-11940)
[German]Microsoft’s Malware Protection Engine has a critical memory corruption vulnerability that allows remote code execution. Microsoft released a security advisory on December 6, 2017 and says corresponding security updates are available. Here are what I found out till now. [Update: … Continue reading
[German]The management software Integrated Lights-out 4 (iLO 4) for HP-Proliant Server has a critical vulnerability, allowing remote code execution on a system without login.
[German]US-CERT issued a warning: Microsoft Windows automatically executes code specified in shortcut (LNK) files. This allows attackers to execute malware during viewing a lnk file. A public exploit is available.
[German]Today just a short note for Windows Administrators in enterprises. Windows Internet Name Service (WINS) is legacy and contains a vulnerability. Therefore WINS should not be deployed anymore. Switch to DNS instead.
On Mai 1, 2017 Intel disclosed the AMT vulnerability (INTEL-SA-00075), without publishing details. Security Researcher from Tenable has analyzed this vulnerability.
User of Microsoft Word should be rather careful, because there is a zero day vulnerability within Microsoft Word. Now Dridex botnet sends millions of spam e-mails to users, containing malware attachments, addressing this Microsoft Word zero day exploit.
Four critical vulnerabilities has been reported in Kaspersky Internet Security Version 16.0.0 (and probably in other Kaspersky products). Kaspersky has fixed this vulnerabilities with an update.
Some bad news for users of Dell’s SonicWALL security solution. Security researchers has identified six Vulnerabilities including a hidden ‘Backdoor’ in Dell’s SonicWALL Global Management System (GMS), Version 8.1 (Build: 8110.1197).
Bad news for all computer users (Windows and Mac OS) working with Symantec’s Anti Virus-/security solutions. Tavis Ormandy from Google’s project zero has uncovered a vulnerability that affects all Norton/Symantec security products.