Previous Gnews

Microsoft released 13 critical patches, including remote code execution vulnerabilities, for Windows, Internet Explorer, and other software. Additionally, Apple, VLC Player, Adobe Reader, and browsers received updates. Potential security risks and emerging threats are discussed.

czajkowski

Presentation Transcript


  1. Previous Gnews

  2. Patch Tuesday
     • 13 Patches – 8 Critical, Affects pretty much everything
     • Other updates, MSRT, Defender Definitions, Junk Mail Filter
     • MS09-050 - SMBv2 Remote Code Execution
     • MS09-051 - Windows Media Runtime Remote Code Execution
     • MS09-052 - Vulnerability in Windows Media Player Remote Code Execution
     • MS09-053 - FTP Service for Internet Information Services Remote Code Execution
     • MS09-054 - Cumulative Security Update for Internet Explorer
     • MS09-055 - Cumulative Security Update of ActiveX Kill Bits
     • MS09-056 - Windows CryptoAPI Spoofing
     • MS09-057 - Vulnerability in Indexing Service Remote Code Execution
     • MS09-058 - Windows Kernel Elevation of Privilege
     • MS09-059 - Vulnerability in Local Security Authority Subsystem Service Denial of Service
     • MS09-060 - Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Remote Code Execution
     • MS09-061 - the Microsoft .NET Common Language Runtime Remote Code Execution
     • MS09-062 - GDI+ Remote Code Execution

  3. Holes / Patches
     • Oracle Patches are due Oct 20th.
     • Apple iTunes 9.0.1
     • Apple Xsan 2.2
     • Apple Security Update 2009-005
     • Mac OS X 10.6
     • Bug in 10.6 wipes user data
     • VLC Player, multiple buffer overflows
     • googleapps.exe mishandles ‘googleapps.url.mailto:’
     • Adobe Reader
     • Browsers - Chrome, Firefox

  4. Hacking
     • Skulpt and Pyjamas – Python in a browser
     • Twitter direct messaging “worm”
     • Phishing attempt
     • variance-based radio tomographic imaging
     • X-Ray vision via wireless
     • PayPal null prefix SSL certificate
     • Moxie Marlinspike – SSLsniff and SSLstrip
     • Office Starter 2010
     • Ad Based Office Lite

  5. Corp. Hell
     • Facebook to shut down Beacon
     • Microsoft Essentials goes live, blocked on “unofficial” OSes
     • Next version of Firefox will fix XSS
     • Content Security Policy (CSP)
     • iPhone to allow VOIP

  6. Books

  7. Games
     • Wii upgrade attempts to block home-brew

  8. Papers
     • A Spotlight on Security and Privacy Risks with Future Household Robots: Attacks and Lessons
     • University of Washington
     • [IN]SECURE Magazine 22

  9. Updates
     • snort.2.8.5
     • Websecurify
     • flawfinder source code review
     • NST v2.11.0
     • Emerging threats changes rule sets, config update needed
     • John the ripper 1.7.3.4
     • samhain 2.5.9c file integrity

  10. Con
     • ToorCon, 23-25 Oct / San Diego
     • http://toorcon.org/

  11. All images scavenged without permission
