Posts Tagged patches

Windows7 New Utility for Meeting Security Compliance

Posted by Mourad Ben Lakhoua in Operating System, Software Security, Tools on April 12, 2010

A new tool has been introduced by Microsoft for analyzing Windows 7 and Internet Explorer 8 security level. Security Compliance Manager is the name of this tool which is designed to simplify protection standard usage and security requirement at the IT environment.

Security Compliance Manager provides a single application to automate system management configuration and eliminate potentially dangerous situations such as missing service pack, account wrong configuration or a risky software vulnerability…

Microsoft Security Compliance Manager allows IT specialist to create, deploy, execute and manage client and server windows editions, including windows7 as well as related applications. The tool allows an access to a full Microsoft recommended settings database to perform changes on system directly by M$FT. The format of downloads can take different kinds —including Desired Configuration Management (DCM) packs, Security Content Automation Protocol (SCAP), XLS, or Group Policy objects (GPOs)—to export the baselines to your
environment and automate the security baseline compliance verification process.

For more details you can visit Microsoft TechNet page.

make sure you subscribe to my RSS feed!

Microsoft, patches, Security Compliance Manager, Windows7

View Comments

Microsoft prepares 13 patches for Next Tuesday

Posted by Mourad Ben Lakhoua in Operating System, Software Security, Vulnerabilities on February 5, 2010

Microsoft announce that they are about to release a 13 security updates on next Tuesday, these new security patches are issued to fix 26 security vulnerabilities in windows operating system and Microsoft office suite.

According to the Advanced Notification five updates are critical and the 8 others are important. While we can find 11 of 13 patches are issued to fix vulnerabilities in one or more operating systems, and the remaining two patches are for Office XP and Office 2003 for windows and Office 2004 for Mac.

Among the patches we can find a fix for a 17 year old Bug in 32-bit windows version, and will close the loophole that involves the venerable DOS operating system. Internet Explorer two recent critical vulnerabilities will not be patched for this Tuesday updates.

You can find Microsoft Security Bulletin Advance Notification for February 2010 Here.

make sure you subscribe to my RSS feed!

Microsoft, Microsoft Office, patches, Security

View Comments

Hewlett-Packard Fixes a Bunch of OpenView Vulnerabilities

Posted by Mourad Ben Lakhoua in Vulnerabilities, Vulnerabilities & attacks on December 11, 2009

HPOpenViewLogo
Hewlett-Packard Company has released several patches for a bunch of vulnerability on OpenView Software products. HP advises administrators to install the patches immediately to mitigate the risk.

OpenView Network Node Manager (OV NNM) is affected by 12 critical bugs that attackers could use to execute remote arbitrary code and gain control over the system.

The vulnerable versions are OV NNM 7.01 and 7.35 running on HP-UX, Linux, Solaris and Microsoft Windows. But here it is important to note that fixes are released only to version 7.53 so to install the patches for all previous versions Admin are required to upgrade to the latest one and then install the updates.

About eleven of the twelve bugs are detected by TippingPoint and the last bug is reported by researcher from IBM X-Force unit.

So go a head To review the Support Communication –Security Bulletin and act upon as soon as possible.

make sure you subscribe to my RSS feed!

Hewlett-Packard OpenView, patches, Security, System Monitoring, TippingPoint, Vulnerability

View Comments

Microsoft leaves patches surprise

Posted by Mourad Ben Lakhoua in News, Operating System, Vulnerabilities on September 6, 2009

Patch Microsoft announced lately that it will release five critical updates for windows, but at this time Microsoft did not provide the technical details regarding the patch list like the previous one.

However Andrew Storms nCircle’s Director of Security Operations, made a statement about the possible upgrade kit composition, In particular the expert suggested that we will see update for the Active Template Library (ATL) the vulnerability which has been disclosed publically in July while there is four to five updates concerning Windows 2000, Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008.

According to Storm the Tuesday patches will not include the IIS Web server vulnerability while Microsoft promised that it would patch IIS at some point.

Release of these bulletins is scheduled for Tuesday, September 8, so we are still looking for the surprise.

make sure you subscribe to my RSS feed!

Microsoft, Microsoft IIS 0-day, patches

View Comments

Cisco Releases Security Advisory for Firewall Services Module Vulnerability

Posted by Mourad Ben Lakhoua in News, Vulnerabilities on August 21, 2009

cisco Cisco has released a new update designed to patch vulnerabilities in their network devices. According to Cisco this hole can allow an attacker to create a denial of service on the routers and switches. This vulnerability particularly concerns the Cisco Firewall Services Module (FWSM) for Cisco catalyst 6500 and Cisco router 7600 series.

The vulnerability exists in the Firewall Services Module. By sending specially crafted ICMP messages to the Firewall Services Module, an attacker can cause a denial-of-service condition.

For this month there were already long lists of software patches among them the latest ColdFusion and JRun patches and the monthly set of patches by Microsoft that was designed to eliminate 19 Bugs.

So take a look at all security advisories and apply any necessary updates or workarounds to help mitigate the risks.

make sure you subscribe to my RSS feed!

Cisco, patches, Security Advisory, Vulnerability

View Comments