Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Friday, 31 March, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Four Microsoft patches but more from Oracle and Adobe

by The Gurus
January 15, 2014
in Editor's News
Share on FacebookShare on Twitter

Microsoft released its lightest patch bundle in over a year last night, addressing four important issues in Windows, Office, and Dynamics AX.
 
Despite only being rated as important, Microsoft rated MS14-002 as the priority, as this addresses a publicly known issue in the Windows Kernel.
 
Ross Barrett, senior manager of security engineering at Rapid7, said: “MS14-002, addresses the somewhat awaited kernel elevation of privilege issues known as CVE-2013-5065, which was reported and disclosed back in November with some limited exploitation in the wild. The issue only affects Windows XP and 2003 systems, but if you are running those I would consider this something to patch quickly.”
 
Despite the small number of patches, Wolfgang Kandek, CTO of Qualys described this as “plenty of work for IT administrators due to releases by Adobe and Oracle”. Talking about MS14-002, he said: “The vulnerability is a local Escalation of Privilege, so it can only be used by an attacker who is already on the machine as a standard user and needs to gain administrative rights.
 
“Microsoft first acknowledged its existence on 27th November in KB2914486 and indicated that it was used in a small number of targeted attacks that used a patched vulnerability in Adobe Reader (APSB13-15 from May 2013) as a delivery vehicle.”
 
Tyler Reguly, security research and development manager for Tripwire, called this the “only interesting patch” as it was used in conjunction with Adobe exploits to escape the sandbox and gain system level access.
 
“Microsoft and Adobe has been mostly synchronised for a while now and that has made security teams’ lives easier. I was, however, shocked to see Oracle jumping on the bandwagon this month. Here’s hoping large enterprises have everything in place to handle the sheer volume of patches coming out today. With three major vendors releasing content, this is definitely a time to have solid vulnerability management program in place,” he said.
 
Oracle addressed 144 vulnerabilities in its Critical Patch Update (CPU) for January 2014, with the majority of vulnerabilities in Java v7. Adobe is releasing two critical updates: APSB14-01 is an update to Adobe Acrobat and Reader, with an attack vector being a PDF file; and APSB14-02 is an update to Adobe Flash, which has the typical attack vectors of malicious web pages and documents with embedded Flash objects.

FacebookTweetLinkedIn
Tags: MicrosoftPatchVulnerability
ShareTweetShare
Previous Post

Varonis delivers transparency into data access and usage for NPD Group

Next Post

Target admit there was malware on PoS systems

Recent News

Data Privacy Day: Securing your data with a password manager

For Cybersecurity, the Tricks Come More Than Once a Year

March 31, 2023
cybersecurity training

Only 10% of workers remember all their cyber security training

March 30, 2023
Pie Chart, Purple

New API Report Shows 400% Increase in Attackers

March 29, 2023
Cato Networks delivers first CASB for instant visibility and control of cloud application data risk

Cato Networks Recognised as Leader in Single-Vendor SASE Quadrant Analysis

March 29, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information