Microsoft publicizes November Patch Tuesday security updates today, fixing 74 common vulnerabilities and exposures (CVEs) in the family of Windows operating systems and related products. Out of these, 13 are classified as “Critical” and 61 as “Important”. Amongst the 13 Critical vulnerabilities, there is one vulnerability in Internet Explorer which is under the radar of […]

Read More →

Squid is an open-source web caching and Internet proxy application which is widely used for speeding up the webserver and aiding in its security. A heap buffer overflow vulnerability has been discovered in some versions of the Squid web proxy cache servers. This vulnerability is tracked as CVE-2019-12527 and could be exploited by attackers to […]

Read More →

  After last year’s Service Message Block (SMB) ultra-shock, this year a new denial-of-service vulnerability is discovered in SMBv3 which can be exploited to crash Windows 8.1 and Windows Server 2012 R2 machines with a single packet. This vulnerability has been assigned CVE-2018-0833. Technical Jargon: The negotiation of the SMBv3 session always starts with an […]

Read More →

SMBLoris is a remote, unauthenticated application-level denial of service (DoS) attack against Microsoft Windows operating systems. It is caused by a very old memory-handling bug in the Server Message Block (SMB) network protocol implementation. The vulnerability lies in the way SMB packets are processed and memory is allocated. It was discovered by two RiskSense security researchers — Sean […]

Read More →

OpenSSH is a free suite of connectivity tool aka OpenBSD Secure Shell, which provides secure encryption for both remote login and file transfer between two hosts over a network. CVE-2016-6515 (Denial of Service Vulnerability) It has been discovered that OpenSSH server incorrectly handles password hashing while authenticating non-existing users. In OpenSSH versions prior to 7.3, the ‘auth_password’ function in ‘auth_passwd.c’ script, […]

Read More →

Microsoft February 2016 Patch Tuesday bring 13 Security Bulletins, which is addressing 37 vulnerabilities. Six are rated as Critical and 7 are Important. Following six bulletins are rated as Critical, MS16-009 for Internet Explorer.  MS16-011 for Microsoft Edge. MS16-012 for Windows PDF Library.  MS16-013 for Windows Journal. MS16-015 for Microsoft Office and MS16-022  for Adobe Flash Player.   Microsoft security bulletin summary for February 2016 in order of severity […]

Read More →