PREVIOUS GNEWS. 16 Patches / 49 Vulns – 4 Critical Affecting most everything Other updates, MSRT,...

9
PREVIOUS GNEWS

Transcript of PREVIOUS GNEWS. 16 Patches / 49 Vulns – 4 Critical Affecting most everything Other updates, MSRT,...

Page 1: PREVIOUS GNEWS. 16 Patches / 49 Vulns – 4 Critical Affecting most everything Other updates, MSRT, Defender Definitions, Junk Mail Filter –MS10-071 - Cumulative.

PREVIOUS GNEWS

Page 2: PREVIOUS GNEWS. 16 Patches / 49 Vulns – 4 Critical Affecting most everything Other updates, MSRT, Defender Definitions, Junk Mail Filter –MS10-071 - Cumulative.

• 16 Patches / 49 Vulns – 4 Critical• Affecting most everything

• Other updates, MSRT, Defender Definitions, Junk Mail Filter

– MS10-071 - Cumulative Security Update for Internet Explorer– MS10-072 - SafeHTML , Could Allow Information Disclosure– MS10-073 - Windows Kernel-Mode Drivers, Elevation of Privilege – MS10-074 - Microsoft Foundation Classes, Remote Code Execution – MS10-075 - Media Player Network Sharing Service, Remote Code

Execution– MS10-076 - Embedded OpenType Font Engine, Remote Code Execution – MS10-077 -.NET Framework, Remote Code Execution – MS10-078 - OpenType Font (OTF) Format Driver, Elevation of Privilege– MS10-079 - Microsoft Word, Remote Code Execution– MS10-080 - Microsoft Excel, Remote Code Execution– MS10-081 - Windows Common Control Library, Remote Code Execution – MS10-082 - Windows Media Player, Remote Code Execution– MS10-083 - COM Validation in Windows Shell and WordPad, Remote Code

Execution– MS10-084 - Windows Local Procedure Call, Elevation of Privilege– MS10-085 - SChannel, Denial of Service (2207566)– MS10-086 - Windows Shared Cluster Disks, Tampering

Patch Tuesday

Page 3: PREVIOUS GNEWS. 16 Patches / 49 Vulns – 4 Critical Affecting most everything Other updates, MSRT, Defender Definitions, Junk Mail Filter –MS10-071 - Cumulative.

• Oracle, 85 patches

• Adobe, 3 patches (23 holes in Reader)– APSB10-21 Adobe Reader and Acrobat– APSB10-22 Adobe Flash Player– APSA10-03 Flash Player

• Apple,– Security Update 2010-006– QuickTime 7.6.8

• Cisco– 14 patches, multiple products– NTP and SSLVPN, DoS– Multiple issues with H.323

• Browsers– YES

Holes / Patches

Page 4: PREVIOUS GNEWS. 16 Patches / 49 Vulns – 4 Critical Affecting most everything Other updates, MSRT, Defender Definitions, Junk Mail Filter –MS10-071 - Cumulative.

Corp. Hell

• Apple patents parental controls

• Apple trademarks “there’s an app for that”

Page 5: PREVIOUS GNEWS. 16 Patches / 49 Vulns – 4 Critical Affecting most everything Other updates, MSRT, Defender Definitions, Junk Mail Filter –MS10-071 - Cumulative.

Papers Hakin9 is out (email, ipv6, voip)

(IN)Secure Magazine #27 is out

Page 6: PREVIOUS GNEWS. 16 Patches / 49 Vulns – 4 Critical Affecting most everything Other updates, MSRT, Defender Definitions, Junk Mail Filter –MS10-071 - Cumulative.

OWSP ZAP (Zed Attack Proxy)A fork of Paros Proxy

Updates

Page 7: PREVIOUS GNEWS. 16 Patches / 49 Vulns – 4 Critical Affecting most everything Other updates, MSRT, Defender Definitions, Junk Mail Filter –MS10-071 - Cumulative.

Gfirst 6 presentations posted (Aug 2010)http://www.us-cert.gov/GFIRST/presentations.html

Lite coverage of HITBhttp://www.themalaysianinsider.com/features/article/securing-the-future/

Past Cons

Page 8: PREVIOUS GNEWS. 16 Patches / 49 Vulns – 4 Critical Affecting most everything Other updates, MSRT, Defender Definitions, Junk Mail Filter –MS10-071 - Cumulative.

ToorConSan Diego CA

20 – 22 Oct 2010

DayConDayton, OH

22 – 23 Oct 2010

SecTorToronto CA

25 – 27 Oct 2010

B-SidesDallas, TX6 Nov 2010

Con

Page 9: PREVIOUS GNEWS. 16 Patches / 49 Vulns – 4 Critical Affecting most everything Other updates, MSRT, Defender Definitions, Junk Mail Filter –MS10-071 - Cumulative.

All images scavenged without permission

All images scavenged without permission


Rios (2013) medical device vulns

Rios (2013) medical device vulns

MS10 Buoyancy Level Switch Horizontal Mounted Electric ... · Horizontal Mounted Electric Switch K-TEK Level products ... electro-mag- netic devices ... MS10 Buoyancy Level Switch

MS10 Buoyancy Level Switch Horizontal Mounted Electric ... · Horizontal Mounted Electric Switch K-TEK Level products ... electro-mag- netic devices ... MS10 Buoyancy Level Switch

Php Vulns Slides

Php Vulns Slides

THE UNFORTUNATE REALITY OF INSECURE LIBRARIES OWASP Libraries.pdf · What’s More Secure: Vulns or No Vulns? Library A Library B CVE-2007-1234 OSVDB 12345 OSVDB 31337 CVE-2009-5678

THE UNFORTUNATE REALITY OF INSECURE LIBRARIES OWASP Libraries.pdf · What’s More Secure: Vulns or No Vulns? Library A Library B CVE-2007-1234 OSVDB 12345 OSVDB 31337 CVE-2009-5678

MS10 Captain Lloyd H. “Kinky” Bayers Collection, 1898-1967 ...

MS10 Captain Lloyd H. “Kinky” Bayers Collection, 1898-1967 ...

Top Notch MSRT EPT Free Discussion tCOUtse TOEFL IELTS ...

Top Notch MSRT EPT Free Discussion tCOUtse TOEFL IELTS ...

Security mgt track turner-aaron-11am-.issa-la.mobile vulns.150529

Security mgt track turner-aaron-11am-.issa-la.mobile vulns.150529

Deserialization vulns - Zeronights 2017 · 2017-11-27 · Various representations of objects: - JSON - XML - YAML - Binary - … Java has ~ 30 libs (formats, speed, capabilities,

Deserialization vulns - Zeronights 2017 · 2017-11-27 · Various representations of objects: - JSON - XML - YAML - Binary - … Java has ~ 30 libs (formats, speed, capabilities,

Lawful Hacking: Wiretapping via Internet Vulns

Lawful Hacking: Wiretapping via Internet Vulns

PREVIOUS GNEWS. 4 Patches – 2 bugs addressed Affecting Windows, Windows Servers, Other updates, MSRT, Defender Definitions, Junk Mail Filter, RootCert.

PREVIOUS GNEWS. 4 Patches – 2 bugs addressed Affecting Windows, Windows Servers, Other updates, MSRT, Defender Definitions, Junk Mail Filter, RootCert.

Open Source Insight: Record Vulns in 2017 and Predictions for Open Source in 2018

Open Source Insight: Record Vulns in 2017 and Predictions for Open Source in 2018

Information Security Partners, LLC iSECPartners.com Attacking AJAX Web Applications Zane Lackey zane@isecpartners.com Blackhat Japan October 5, 2006 Vulns.

Information Security Partners, LLC iSECPartners.com Attacking AJAX Web Applications Zane Lackey [email protected] Blackhat Japan October 5, 2006 Vulns.

Translational h is w - Liverpool Health Partners Bill... · Torrent MSRT-PCR Identify mutations for ... " Andrea(Bauer((" ... " James(Nicholson((" ...

Translational h is w - Liverpool Health Partners Bill... · Torrent MSRT-PCR Identify mutations for ... " Andrea(Bauer((" ... " James(Nicholson((" ...

Exploiting Internal Network Vulns via the Browser Using ...€¦ · Exploiting Internal Network Vulns via the Browser Using BeEF Bind Michele Orru Ty Miller RuxCon 2012. Ty Miller

Exploiting Internal Network Vulns via the Browser Using ...€¦ · Exploiting Internal Network Vulns via the Browser Using BeEF Bind Michele Orru Ty Miller RuxCon 2012. Ty Miller

Exploiting Internal Network Vulns via the Browser Using ...2012.ruxcon.org.au/.../rux/Rooting_Your_Internals... · with Javascript • No more alert(1) crap • Features like ManInTheBrowser,

Exploiting Internal Network Vulns via the Browser Using ...2012.ruxcon.org.au/.../rux/Rooting_Your_Internals... · with Javascript • No more alert(1) crap • Features like ManInTheBrowser,

PREVIOUS GNEWS. Patches – ? Critical – ? CVEs Affected – ? Other updates, MSRT, Defender Definitions, Junk Mail Filter –MS12-052+ - NEXT WEEK FOOL Patch.

PREVIOUS GNEWS. Patches – ? Critical – ? CVEs Affected – ? Other updates, MSRT, Defender Definitions, Junk Mail Filter –MS12-052+ - NEXT WEEK FOOL Patch.

Erik Cabetas An Overview of Interpreted Language Vulns.

Erik Cabetas An Overview of Interpreted Language Vulns.

PREVIOUS GNEWS. 6 Patches – 9 bugs addressed Affecting Windows, Outlook Express / Windows Mail, Office, IE Other updates, MSRT, Defender Definitions,

PREVIOUS GNEWS. 6 Patches – 9 bugs addressed Affecting Windows, Outlook Express / Windows Mail, Office, IE Other updates, MSRT, Defender Definitions,

Alaska State Library Historical Collectionslibrary.alaska.gov/hist/hist_docs/docs/ms010/ms10... · Alaska State Library Historical Collections Bayers, Lloyd H., 1911-1968 Captain

Alaska State Library Historical Collectionslibrary.alaska.gov/hist/hist_docs/docs/ms010/ms10... · Alaska State Library Historical Collections Bayers, Lloyd H., 1911-1968 Captain

GRIPS MS10 Public Sector Innovation

GRIPS MS10 Public Sector Innovation