All posts by 007admin

CVE-2014-3289 (content_security_management_appliance, email_security_appliance, ironport_asyncos, web_security_appliance)

Cross-site scripting (XSS) vulnerability in the web management interface in Cisco AsyncOS on the Email Security Appliance (ESA) 8.0, Web Security Appliance (WSA) 8.0 (.5 Hot Patch 1) and earlier, and Content Security Management Appliance (SMA) 8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, as demonstrated by the date_range parameter to monitor/reports/overview on the IronPort ESA, aka Bug IDs CSCun07998, CSCun07844, and CSCun07888.

2862973 – Update for Deprecation of MD5 Hashing Algorithm for Microsoft Root Certificate Program – Version: 3.0

Revision Note: V3.0 (June 10, 2014): Revised advisory to rerelease the 2862973 update for Windows 8 and Windows Server 2012. This rerelease only applies to systems running Windows Embedded 8 and Windows Server 2012 for Embedded Systems. See the Advisory FAQ for more information.
Summary: Microsoft is announcing the availability of an update for supported editions of Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT that restricts the use of certificates with MD5 hashes. This restriction is limited to certificates issued under roots in the Microsoft root certificate program. Usage of MD5 hash algorithm in certificates could allow an attacker to spoof content, perform phishing attacks, or perform man-in-the-middle attacks.

2962824 – Update Rollup of Revoked Non-Compliant UEFI Modules – Version: 1.1

Revision Note: V1.1 (June 10, 2014): Advisory revised to announce a detection change for the update rollup (updates 2920189 and 2961908). This is a detection change only. There were no changes to the update files. Customers who have already successfully updated their systems do not need to take any action.
Summary: With this advisory, Microsoft is revoking the digital signature for four private, third-party UEFI (Unified Extensible Firmware Interface) modules that could be loaded during UEFI Secure Boot.

MS14-034 – Important: Vulnerability in Microsoft Word Could Allow Remote Code Execution (2969261) – Version: 1.0

Severity Rating: Important
Revision Note: V1.0 (June 10, 2014): Bulletin published.
Summary: This security update resolves one privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a specially crafted file is opened in an affected version of Microsoft Word. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

CVE-2014-3969 (xen)

Xen 4.4.x, when running on an ARM system, does not properly check write permissions on virtual addresses, which allows local guest administrators to gain privileges via unspecified vectors.

Panda Security launches Panda GateDefender eSeries 5.5, now with Application Control

Panda Security, The Cloud Security Company, today announced the inclusion of new and enhanced features in version 5.50 of Panda GateDefender eSeries, the company’s unified perimeter security device that protects against all types of threats. The new version includes a new, improved configuration wizard, next-generation VPN technologies, a new firewall for application control and real-time monitoring of corporate networks.
Panda GateDefender eSeries enables mid-size and large companies to protect their corporate network and increase their productivity, and is available in three different versions (hardware, software and virtual) to suit the needs of every type of organization. In addition, its Web interface allows centralized and flexible management from a single console, accessible from the cloud at any time.

New Features
Panda GateDefender eSeries 5.50 includes robust, next-generation VPN technologies that enable very fast and highly scalable VPN connections, while managing granular access permissions to the network. Additionally, the solution includes a new application control feature capable of identifying and blocking more than 170 applications including Facebook, Skype, Spotify or WhatsApp to improve productivity. Also, the new Panda GateDefender eSeries includes an improved configuration wizard with a new network mode that allows the use of outgoing firewalls and application control in bridge mode.
The solution also allows real-time monitoring of corporate networks through an intuitive interface that enables organizations to generate extremely granular, customized reports.
These new features add to the many benefits already provided by the solution:
– Flexible, cloud-based management to centrally monitor, manage and update appliances quickly and easily, anywhere, anytime.
– Increased user productivity and optimized resource usage thanks to spam neutralization, restricted access to unproductive content and services, and bandwidth usage control.
– Complete protection against all types of infections and intrusion attempts right from the start. Faster response to new malware threats via automatic updates and queries to the cloud.
– High Internet availability. Its routing policies allow configuration of multiple high-availability lines, as well as installation of multiple appliances in parallel to deliver fault-tolerant, secure connectivity.
– Flexible, seamless integration with existing IT infrastructures thanks to the wide range of available versions: hardware, virtual and software appliances.