Eskenzi PR Eskenzi PR
  • About Us
Sunday, 7 March, 2021
IT Security Guru
Eskenzi PR
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Four Microsoft patches but more from Oracle and Adobe

by The Gurus
January 15, 2014
in Editor's News
Share on FacebookShare on Twitter

Microsoft released its lightest patch bundle in over a year last night, addressing four important issues in Windows, Office, and Dynamics AX.
 
Despite only being rated as important, Microsoft rated MS14-002 as the priority, as this addresses a publicly known issue in the Windows Kernel.
 
Ross Barrett, senior manager of security engineering at Rapid7, said: “MS14-002, addresses the somewhat awaited kernel elevation of privilege issues known as CVE-2013-5065, which was reported and disclosed back in November with some limited exploitation in the wild. The issue only affects Windows XP and 2003 systems, but if you are running those I would consider this something to patch quickly.”
 
Despite the small number of patches, Wolfgang Kandek, CTO of Qualys described this as “plenty of work for IT administrators due to releases by Adobe and Oracle”. Talking about MS14-002, he said: “The vulnerability is a local Escalation of Privilege, so it can only be used by an attacker who is already on the machine as a standard user and needs to gain administrative rights.
 
“Microsoft first acknowledged its existence on 27th November in KB2914486 and indicated that it was used in a small number of targeted attacks that used a patched vulnerability in Adobe Reader (APSB13-15 from May 2013) as a delivery vehicle.”
 
Tyler Reguly, security research and development manager for Tripwire, called this the “only interesting patch” as it was used in conjunction with Adobe exploits to escape the sandbox and gain system level access.
 
“Microsoft and Adobe has been mostly synchronised for a while now and that has made security teams’ lives easier. I was, however, shocked to see Oracle jumping on the bandwagon this month. Here’s hoping large enterprises have everything in place to handle the sheer volume of patches coming out today. With three major vendors releasing content, this is definitely a time to have solid vulnerability management program in place,” he said.
 
Oracle addressed 144 vulnerabilities in its Critical Patch Update (CPU) for January 2014, with the majority of vulnerabilities in Java v7. Adobe is releasing two critical updates: APSB14-01 is an update to Adobe Acrobat and Reader, with an attack vector being a PDF file; and APSB14-02 is an update to Adobe Flash, which has the typical attack vectors of malicious web pages and documents with embedded Flash objects.

0 0 vote
Article Rating
FacebookTweetLinkedIn
Tags: MicrosoftPatchVulnerability
ShareTweetShare
Previous Post

Varonis delivers transparency into data access and usage for NPD Group

Next Post

Target admit there was malware on PoS systems

Subscribe
Notify of
guest
guest
0 Comments
Inline Feedbacks
View all comments

Recent News

Malaysia Airlines

Malaysia and Singapore Airlines Breached in Third Party Hacks

March 5, 2021
Fraud attempts skyrocketed in 2020 according to latest Financial Crime Report from Feedzai

Fraud attempts skyrocketed in 2020 according to latest Financial Crime Report from Feedzai

March 4, 2021

Top 10 awards to enter for cybersecurity 

March 3, 2021
Medal

Identity theft: US Congressional Medal of Honor

March 3, 2021

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

More information
wpDiscuz
0
0
Would love your thoughts, please comment.x
()
x
| Reply
Privacy Settings / PENDINGGDPR Compliance

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Accept