취약점 정보1 썸네일형 리스트형 December 2015 Microsoft Patch Special Note: MS15-127 looks particularly "nasty". A remote code execution vulnerability in Microsoft's DNS server. Microsoft rates the exploitability as "2", but doesn't provide much details as to the nature of the vulnerability other than the fact that it can be triggered by remote DNS requests, which is bad news in particular if you are using a Microsoft DNS server exposed to the public inter.. 더보기 Apple Patches And to not be outdone by Microsoft and Adobe, Apple just released patches for:iOS 9.2 A total of 50 vulnerabilities (CVE IDs) are addressed. About 10 of them affect WebKit and may lead to arbitrary code execution by visiting a malicious website. There are a large number of additional remote code execution vulnerabilities in various iOS components that are patched.watchOS 2.1 A lot of overlap wit.. 더보기 Dell System Detect installs root certificate and private key (DSDTestProvider) OverviewDell System Detect installs the DSDTestProvider certificate into theTrusted Root Certificate Store on Microsoft Windows systems. The certificate includes the private key. This allows attackers to create trusted certificates and perform impersonation, man-in-the-middle (MiTM), and passive decryption attacks, resulting in the exposure of sensitive information.DescriptionDell System Detect .. 더보기 Android MediaServer Bug Traps Phones in Endless Reboots We have discovered a new vulnerability that allows attackers to perform denial of service (DoS) attacks on Android’s mediaserver program. This causes a device’s system to reboot and drain all its battery life. In more a severe case, where a related malicious app is set to auto-start, the device can be trapped in an endless reboot and rendered unusable.The vulnerability, CVE-2015-3823, affects An.. 더보기 BIND Denial of Service Vulnerability Blamed on Windows 2000 Compatibility Code The BIND implementation of the Domain Name System (DNS) is a critical part of the infrastructure of the Internet. For example, almost all of the 13 root name servers use BIND. On July 28 a vulnerability was published in BIND that could be anonymously exploited by an attacker. To crash the server, all an attacker would have to send malicious TKEY records. A CVE number was assigned (CVE-2015-5477).. 더보기 OS X 10.10 DYLD_PRINT_TO_FILE Local Privilege Escalation Vulnerability IntroductionWith the release of OS X 10.10 Apple added some new features to the dynamic linker dyld. One of these features is the new environment variable DYLD_PRINT_TO_FILE that enables error logging to an arbitrary file.DYLD_PRINT_TO_FILEThis is a path to a (writable) file. Normally, the dynamic linker writes all logging output (triggered by DYLD_PRINT_* settings) to file descriptor 2 (which i.. 더보기 Special Microsoft Bulletin Patching Remote Code Execution Flaw in OpenType Font Drivers Microsoft just released a special "out fo band" security bulletin with a patch for a remote code execution vulnerability in Windows' OpenType font drivers. The update replaces a patch released last week (MS15-077). Microsoft rates the vulnerability critical for all currently supported versions of Windows. Microsoft says in it's bulletin, that it had information that the vulnerability was public,.. 더보기 "Hacking Team"BIOS와 UEFI에 감염 루트킷을 이용하여 자사 제품의 에이전트를 PC에 상주 "Hacking Team '에서 공개 한 정보의 조사가 진행되고 있습니다 만, 더욱 중요한 발견이있었습니다. 그것은 Hacking Team이 자사 제품 'Remote Control System (RCS)」의 에이전트를 대상으로하는 PC에 설치하기 위해 BIOS와 UEFI에 감염 루트킷을 이용하고 있었다 것입니다. 즉, 사용자가 하드 디스크 초기화 및 OS 재설치 새로운 하드 디스크를 구입했다고해도, Microsoft Windows가 시작 실행되면 에이전트도 설치 될 수 있습니다.BIOS와 UEFI는 PC가 하드웨어를 제어하는 프로그램입니다. Hacking Team은 널리 이용되는 PC 용 BIOS 제조업체 "Insyde"의 BIOS를위한 코드를 작성했습니다. 그러나이 코드는 다른 BIOS 제조업체 ".. 더보기 MS 제품군 7월 정기 업데이트 #AffectedContra Indications - KBKnown ExploitsMicrosoft rating(**)ISC rating(*)clientsserversMS15-058Remote Code Execution Vulnerabilities in SQL Server (This bulletin was supposed to be part of the June 2015 patch Tuesday, but got delayed until today)SQL Server CVE-2015-1761 CVE-2015-1762 CVE-2015-1763KB 3065718no.Severity:Important Exploitability: 2N/AImportantMS15-065Internet Explorer Rollup .. 더보기 자바 업데이트 권고 DescriptionA Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Plea.. 더보기 이전 1 ··· 18 19 20 21 22 23 24 ··· 62 다음