Friday, January 10, 2014

CPE: McAfee AudioParasitic: Episode 68 MS patch tuesday

length 00:07:24

the zero patch Tuesday

compare the last 2 months is is fairly light
6 bulletins
9 vulnerabilities, including the activeX killbit

most critical:
1. MS09-028: MS Directshow 3 CVEs 2009-1537: directX null byte vulnerability
specially crafted quicktime <- very easy to exploit
2. MS09-032: vulnerability in Microsoft Video ActiveX Control killbit update on IE <-exploited in the wild
3. MS09-029: opentype overflow
exploitable via webpage, remote code exploit: CVE 2009-0231, CVE 2009-0232

the rest are important:
- RSA server
- publish
- virtual PC < privilege excalation

Labels: ,


Post a Comment

Subscribe to Post Comments [Atom]

<< Home