Category Archives: Security Updates← Older posts
Microsoft: This week, Microsoft released a critical security update to address a zero-day vulnerability in Windows that could allow a malicious user to take over an exploited computer. This update comes a week after the company released its July 2015 Security … Continue reading
Posted in Security Updates |
Adobe has released a security update for Flash Player. This update addresses a recently disclosed zero-day vulnerability that could result in system crashes and remote code execution. To update to the newest version of Flash Player, visit the Adobe downloads site at get.adobe.com/flashplayer. For more information about this vulnerability, see … Continue reading
Posted in Security Updates |
BACKGROUND Hackers have bypassed Microsoft’s previous security patch to address the Object Linking and Embedding (OLE) remote code execution flaw resulting in the company issuing an out-of-band patch this week. IMPACT The vulnerability could allow remote elevation of privilege in … Continue reading
BACKGROUND Hackers have bypassed Microsoft’s security patch to address the Sandworm vulnerability in Windows resulting in the company issuing another advisory and warning users of the new threat. IMPACT The vulnerability could allow remote code execution if a user opens … Continue reading
BACKGROUND There is a vulnerability in Adobe Flash that is being exploited in large scale attacks. The vulnerability is being tracked as CVE-2014-0569 (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0558) on the Common Vulnerabilities and Exposures (CVE) database. The exploit includes memory corruption vulnerabilities and an integer overflow vulnerability that … Continue reading
Please note the following updates to the September 25 post regarding the Bash / Shellshock vulnerability.
Security researchers have recently identified several vulnerabilities in the OpenSSL encryption library in addition to the widely publicized Heartbleed bug (see https://it-security.usc.edu/2014/04/09/openssl-heartbleed-bug for more information about Heartbleed). System Administrators within USC’s IT units should complete the action items (fixes) summarized … Continue reading
The anonymous developers of TrueCrypt warned yesterday “Using TrueCrypt is not secure” and that “the development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP.” They recommend using BitLocker on Windows and provide directions to migrate from TrueCrypt … Continue reading
Microsoft has issued a security advisory about a recently discovered zero-day vulnerability in Internet Explorer versions 6 – 11. The vulnerability could allow an attacker to install malware on a system without the user’s knowledge or consent if the user … Continue reading
Below is a partial list of vendors that have released updates to address the Heartbleed vulnerability.
This list will be updated as more information becomes available. Continue reading