11 matches found
Vulnerability in OpenSSL - Invalid free in DTLS
This vulnerability does not affect current versions of OpenSSL. It existed in previous OpenSSL versions and was fixed in June 2014. If a DTLS peer receives application data between the ChangeCipherSpec and Finished messages, buffering of such data may cause an invalid free, resulting in a...
June 2014 Security Bulletin Webcast and Q&A
Today we published the June 2014 Security Bulletin webcast questions and answers page along with the webcast replay. We answered six questions on air, with the majority focusing on the updates for TCP and Internet Explorer. The transcript also includes a question we did not have time to answer on...
Assessing risk for the June 2014 security updates
Today we released seven security bulletins addressing 66 unique CVE’s. Two bulletins have a maximum severity rating of Critical while the other five have a maximum severity rating of Important. This table is designed to help you prioritize the deployment of updates appropriately for your...
Theoretical Thinking and the June 2014 Bulletin Release
As security professionals, we are trained to think in worst-case scenarios. We run through the land of the theoretical, chasing “what if” scenarios as though they are lightning bugs to be gathered and stashed in a glass jar. Most of time, this type of thinking is absolutely the correct thing for...
Microsoft Releases June 2014 Security Bulletin
Microsoft has released updates to address vulnerabilities in Windows, Office, Internet Explorer, Lync, and Lync Server as part of the Microsoft Security Bulletin Summary for June 2014. Some of these vulnerabilities could allow remote code executions. US-CERT encourages users and administrators to...
OpenSSL Server-Side ChangeCipherSpec Injection Scanner
This module checks for the OpenSSL ChangeCipherSpec CCS Injection vulnerability. The problem exists in the handling of early CCS messages during session negotiation. Vulnerable installations of OpenSSL accepts them, while later implementations do not. If successful, an attacker can leverage this...
CVE-2014-1770
creationtimestamp| type| source ---|---|--- 2014-06-05 05:00:00+00:00| seen| https://msrc.microsoft.com/blog/2014/06/advance-notification-service-for-the-june-2014-security-bulletin-release/...
Threat Outbreak Alert RuleID10190: Email Messages Distributing Malicious Software on June 2, 2014
Medium Alert ID: 34520 First Published: 2014 June 2 20:51 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID10190 may contain the following files: Name | Size...
Security update 1970-01-01
...
Security update 1970-01-01
...
Security update 1970-01-01
...