Смотрите также связанные темы
24.10.2018 Corporate News: Kaspersky Lab strongly recommends installing new Windows update
Kaspersky Lab, a leading developer of secure content management solutions, is notifying computer users about the need to install the Windows operating system update MS08-067 (http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx). The vulnerability that this new update patches is a...
05.11.2018 Companies Spend $250M on Microsoft Vulnerability…Unless They’re with McAfee
As most of you now know, on 10/23, Microsoft announced a critical out-of-cycle patch (MS08-067) to fix a flaw being exploited by hackers. The vulnerability affects all major versions of Microsoft Windows. In just a matter of moments, attackers can gain total remote control of a system and install malware, keyloggers, and Trojans. A successful [...]
08.02.2018 MS13-005 (win32k.sys) exploit POC
MS13-005 (win32k.sys) The vulnerability could allow elevation of privilege if an attacker runs a specially crafted application. This security update is rated Important for all supported editions of Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT. For more information, see the subsection, Affected and Non-Affected Software, in this section. include <windows.h> #include <stdio.h> int main() { nbsp; STARTUPINFO si = {0}; nbsp; PROCESS_INFORMATION pi = {0}; nbsp; PC...
02.07.2018 CVE-2010-2549
Use-after-free vulnerability in Microsoft Windows Vista and Server 2008 allows local users to cause a denial of service (crash) by using a large number of calls to the NtUserCheckAccessForIntegrityLevel function to trigger a failure in the LockProcessByClientId function, which causes a process object to be deleted while it is still in use.
04.09.2018 CVE-2008-3916
Heap-based buffer overflow in the strip_escapes function in signal.c in GNU ed before 1.0 allows context-dependent or user-assisted attackers to execute arbitrary code via a long filename. NOTE: since ed itself does not typically run with special privileges, this issue only crosses privilege boundaries when ed is invoked as a third-party component.
18.09.2018 Сентябрьские обновления для критических уязвимостей SQL Server
Как мы писали ранее, на сайте обновлений Microsoft появились обновления, часть из которых относится к серверам баз данных. Обзорная статья по всем исправлениям опубликована здесь. Подробная информация о применении обновлений опубликована на этой странице. Проблема безопасности, обнаруженная в SQL Server, может предоставить злоумышленнику возможность нарушения безопасности системы и получения над ней контроля. Путем установки этого обновления Вы можете защитить компьютер.
10.09.2018 CVE-2008-3012
gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka "GDI+ EMF Memory Corrupt...
14.10.2018 CVE-2008-4038
Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a Server Message Block (SMB) request that contains a filename with a crafted length, aka "SMB Buffer Underflow Vulnerability."
16.10.2018 MS Windows XP/2003 AFD.sys Privilege Escalation Exploit (K-plugin)
Цель: Microsoft Windows XP/2003 Воздействие: Повышение привилегий
14.10.2018 CVE-2008-4441
The Marvell driver for the Linksys WAP4400N Wi-Fi access point with firmware 1.2.14 on the Marvell 88W8361P-BEM1 chipset, when WEP mode is enabled, does not properly parse malformed 802.11 frames, which allows remote attackers to cause a denial of service (reboot or hang-up) via a malformed association request containing the WEP flag, as demonstrated by a request that is too short, a different vulnerability than CVE-2008-1144 and CVE-2008-1197.
|
|
