Monthly Archives: June 2016

Hackers News

Hack the Pentagon: Hackers find over 100 Bugs in U.S. Defense Systems

The “Hack the Pentagon” bug bounty program by the United States Department of Defense (DoD) has been successful with more than 100 vulnerabilities uncovered by white hat hackers in Pentagon infrastructure.

In March, the Defense Department launched what it calls “the first cyber Bug Bounty Program in the history of the federal government,” inviting hackers to take up the challenge of

US-CERT

Microsoft Releases June 2016 Security Bulletin

Original release date: June 14, 2016

Microsoft has released 16 updates to address vulnerabilities in Microsoft software. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the following Microsoft Security Bulletins MS16-063 through MS16-082 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

US-CERT

Adobe Releases Security Updates

Original release date: June 14, 2016

Adobe has released security updates to address vulnerabilities in DNG Software Development Kit (SDK), Brackets, Creative Cloud Desktop Application and Cold Fusion. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review Adobe Security Bulletins APSB16-19, APSB16-20, APSB16-21 and APSB16-22 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Microsft

MS16-069 – Critical: Cumulative Security Update for JScript and VBScript (3163640) – Version: 1.0

Severity Rating: Critical
Revision Note: V1.0 (June 14, 2016): Bulletin published.
Summary: This security update resolves vulnerabilities in the JScript and VBScript scripting engines in Microsoft Windows. The vulnerabilities could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Microsft

MS16-080 – Important: Security Update for Microsoft Windows PDF (3164302) – Version: 1.0

Severity Rating: Important
Revision Note: V1.0 (June 14, 2016): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted .pdf file. An attacker who successfully exploited the vulnerabilities could cause arbitrary code to execute in the context of the current user. However, an attacker would have no way to force a user to open a specially crafted .pdf file.

Microsft

MS16-081 – Important: Security Update for Active Directory (3160352) – Version: 1.0

Severity Rating: Important
Revision Note: V1.0 (June 14, 2016): Bulletin published.
Summary: This security update resolves a vulnerability in Active Directory. The vulnerability could allow denial of service if an authenticated attacker creates multiple machine accounts. To exploit the vulnerability an attacker must have an account that has privileges to join machines to the domain.

Microsft

MS16-079 – Important: Security Update for Microsoft Exchange Server (3160339) – Version: 1.0

Severity Rating: Important
Revision Note: V1.0 (June 14, 2016): Bulletin published.
Summary: This security update resolves vulnerabilites in Microsoft Exchange Server. The most severe of the vulnerabilities could allow information disclosure if an attacker sends a specially crafted image URL in an Outlook Web Access (OWA) message that is loaded, without warning or filtering, from the attacker-controlled URL.