Source |
SecurityWeek |
Identifier |
513563 |
Publication date |
2018-03-14 16:39:02 (seen: 2018-03-14 16:39:02) |
Title |
Microsoft Patches Remote Code Execution Flaw in CredSSP (Recycled) |
Text |
A vulnerability (CVE-2018-0886) patched by Microsoft with its March 2018 security patches was a remote code execution flaw in the Credential Security Support Provider protocol (CredSSP) used by Remote Desktop Protocol (RDP) and Windows Remote Management (WinRM).
This vulnerability can be exploited by an attacker to relay user credentials to execute code on a target system. The authentication provider, Microsoft explains, processes authentication requests for other applications, meaning that the vulnerability puts all applications that depend on CredSSP at risk.
Preempt, which discovered the bug, explains |
Notes |
|
Sent |
Yes |
Digest |
|
Tags |
|
Stories |
APT 32
|
Move |
|
Source |
SecurityWeek |
Identifier |
512180 |
Publication date |
2018-03-14 03:00:02 (seen: 2018-03-14 03:00:02) |
Title |
SAP Patches Decade-Old Flaws With March 2018 Patches |
Text |
SAP this week released its March 2018 set of security patches to address High and Medium priority vulnerabilities in its products.
A total of 10 Security Notes were included in the SAP Security Patch Day this month, three rated High priority and 7 considered Medium priority. Two of the Notes were updates for previously released Security Notes.
SAP this month included 17 Support Package Notes in the Security Patch Day, for a total of 17 Security Notes, ERPScan (a company that specializes in securing Oracle and SAP applications) reports. 11 of the Notes were released after the second Tuesday of the last month and before the second Tuesday of this month.
The most severe of the Security Notes addresses three vulnerabilities in SAP Internet Graphics Server (IGS) and carries a High priority rating (CVSS Base Score: 8.8). The bugs include CVE-2004-1308 (memory corruption), CVE-2005-2974 (denial of service), and CVE-2005-3350 (remot |
Notes |
|
Sent |
Yes |
Digest |
|
Tags |
|
Stories |
APT 32
|
Move |
|