Severity Rating: Important
Revision Note: V1.0 (March 8, 2016): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Monthly Archives: March 2016
MS16-024 – Critical: Cumulative Security Update for Microsoft Edge (3142019) – Version: 1.0
Severity Rating: Critical
Revision Note: V1.0 (March 8, 2016): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Edge. The vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
MS16-025 – Important: Security Update for Windows Library Loading to Address Remote Code Execution (3140709) – Version: 1.0
Severity Rating: Important
Revision Note: V1.0 (March 8, 2016)
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Microsoft Windows fails to properly validate input before loading certain libraries. However, an attacker must first gain access to the local system with the ability to execute a malicious application.
MS16-030 – Important: Security Update for Windows OLE to Address Remote Code Execution (3143136) – Version: 1.0
Severity Rating: Important
Revision Note: V1.0 (March 8, 2016)
Summary: TBD
ISC Releases Security Updates for DHCP Server
Original release date: March 07, 2016
Internet Systems Consortium (ISC) has released security updates to address a vulnerability in versions of ISC Dynamic Host Configuration Protocol (DHCP) server. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition.
Updated versions of ISC DHCP (4.1-ESV-R13 and 4.3.4) will be available soon, and current workarounds are described in ISC Knowledge Base Article AA-01354. US-CERT encourages users and administrators to review this article and apply the necessary updates when available.
Kaspersky Lab Launches a Safer Way for Children to Explore the Digital World
New Kaspersky Safe Kids Solution Provides Advanced Parental Controls Across Multiple Devices
ATutor LMS 2.2.1 CSRF Remote Code Execution
Cross-site request forgery remote code execution exploit for ATutor LMS versions 2.2.1 and below that leverages install_modules.php.
EMC Documentum xCP 2.1 / 2.2 Information Disclosure
EMC Documentum xCP allows authenticated non-admin users to view information about other users.
Glideslope drives growth from a niche customer base
Many of our channel partners are driving successful businesses by building their reputations from a niche customer base – by proving their understanding of those clients’ special needs they grow a portfolio of very happy, referenceable sites. Here’s how one partner is using our AVG Business AntiVirus and Internet Security solutions to ensure its not-for-profit customers can operate virus and spam free and focus on their valuable work.
Glideslope Software Ltd, in Manchester, England, has developed highly specialized expertise in delivering quality IT support to charitable organizations. Now, with those services underpinned by the right security solutions, Glideslope is leveraging customer satisfaction to get a foot in the door at other businesses.
To give you an idea of the security issues, some of Glideslope’s charity customers have as many as 12 administrative sites and hostels, with staff who travel between locations and introduce data to the network from a risky mix of devices and memory sticks. The problem is how best to secure and manage the data of geographically dispersed sites, as well as staff who are operating on disparate and often ageing hardware. Data security is further complicated by the UK’s strict laws covering end client privacy and the use of cloud-based services. And, of course, every proposal has to deliver the greatest value for the money.
Glideslope’s answer to bringing a consistent level of service to all its client organizations has been to install AVG Internet Security Business Edition and AVG AntiVirus Business Edition. As its clients’ current policies expire, Glideslope is migrating all 35 of its regular clients – with 1,000 end users – to AVG Internet Security Business Edition or AVG CloudCare, depending on the best fit.
John Miller, Glideslope Software’s Director, describes his approach: “We see efficient IT support as the key to our clients’ growth, agility and happy employees. For our charity sector customers in particular, AVG Business solutions are essential in ensuring they can operate virus and spam free so they can seamlessly and effortlessly continue their valuable work.”
He’s also pretty pleased with how the AVG suite is helping his operations: “AVG works brilliantly in the background, so no calls from clients checking on pop ups. The admin console shows us which machines have problems. The Anti-Spam plug-in removes over 2500 spam emails before they reach end user machines. And I can’t remember the last time a client called to say they’d found a virus that AVG had missed. Everyone saves time and money.”
So, while areas of specialization can create differentiators for you in the marketplace, what every channel partner needs to do is back that expertise with quality services, at an affordable price, and a trusted, knowledgeable team.
Mandos Encrypted File System Unattended Reboot Utility 1.7.4
The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.