VERT Threat Alert: February 2018 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s February 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-765 on Wednesday, February 14th. In-The-Wild & Disclosed CVEs CVE-2018-0771 This vulnerability describes a Same-Origin Policy (SOP) bypass in Microsoft Edge. The SOP is designed to prevent content from one origin (defined by … Read More The post VERT Threat Alert: February 2018 Patch Tuesday Analysis appeared first on The State of Security.
Read more

VERT Threat Alert: January 2018 Patch Tuesday Analysis

Today’s VERT Alert addresses the remainder of the Microsoft January 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-760 on Wednesday, January 10th. In-The-Wild & Disclosed CVEs CVE-2018-0802 A malicious file could cause code execution due to Microsoft Office Equation Editor’s failure to properly handle objects in … Read More The post VERT Threat Alert: January 2018 Patch Tuesday Analysis appeared first on The State of Security.
Read more

VERT Threat Alert: January 2018 Security Updates

Today’s VERT Alert addresses the Microsoft January 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-759 on Friday, January 5th. We are not yet certain if this release contains all January updates or if Tuesday will see a second set of updates released. In-The-Wild & Disclosed CVEs … Read More The post VERT Threat Alert: January 2018 Security Updates appeared first on The State of Security.
Read more

VERT Threat Alert: December 2017 Patch Tuesday Analysis

Today’s VERT Alert addresses the Microsoft December 2017 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-756 on Wednesday, December 13th. In-The-Wild & Disclosed CVEs This month, no Microsoft vulnerabilities have been publicly disclosed or are being actively exploited. There are, however, a couple of vulnerabilities that are … Read More The post VERT Threat Alert: December 2017 Patch Tuesday Analysis appeared first on The State of Security.
Read more

Determining Importance with Objective Vulnerability Scoring

The holiday season is upon us, and nearly every day, my wife asks me what I want for Christmas. As a pop culture geek with interests in most fandoms, I have dozens of items that I could ask for, but the ultimate question is what do I really want to ask her to spend money … Read More The post Determining Importance with Objective Vulnerability Scoring appeared first on The State of Security.
Read more

VERT Threat Alert: November 2017 Patch Tuesday Analysis

Today’s VERT Alert addresses the Microsoft November 2017 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-752 on Wednesday, November 15th. In-The-Wild & Disclosed CVEs CVE-2017-8700 A Cross Origin Resource Sharing bypass could allow information disclosure in ASP.NET Core. Microsoft has rated this as a 2 on the … Read More The post VERT Threat Alert: November 2017 Patch Tuesday Analysis appeared first on The State of Security.
Read more

VERT Threat Alert: October 2017 Patch Tuesday Analysis

Today’s VERT Alert addresses the Microsoft October 2017 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-746 on Wednesday, October 11th. In-The-Wild & Disclosed CVEs CVE-2017-8703 This CVE describes a publicly disclosed denial of service vulnerability which impacts the Windows Subsystem for Linux. Microsoft has rated this as … Read More The post VERT Threat Alert: October 2017 Patch Tuesday Analysis appeared first on The State of Security.
Read more

VERT Threat Alert: September 2017 Patch Tuesday Analysis

Today’s VERT Alert addresses the Microsoft September 2017 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-742 on Wednesday, September 13th. In-The-Wild & Disclosed CVEs CVE-2017-8759 This vulnerability, discovered by researchers at FireEye, has been exploited as part of the spread of the FINSPY malware as documented in … Read More The post VERT Threat Alert: September 2017 Patch Tuesday Analysis appeared first on The State of Security.
Read more