Posts by csong

2 min Vulnerability Disclosure

Remote Coverage for MS15-034 HTTP.sys Vulnerability (CVE-2015-1635)

Patch Tuesday last week saw the release of Microsoft security bulletin MS15-034, which addresses CVE-2015-1635, a remote code execution vulnerability in Microsoft Internet Information Services (IIS) running on Windows 7 / Server 2008 R2 and later. This vulnerability can be trivially exploited as a denial of service attack by causing the infamous Blue Screen of Death (BSoD) with a simple HTTP request []. In order to provide better assessment of your ass

1 min

Audit the security configuration on your Cisco devices with Nexpose 5.7.14

Nexpose 5.7.14 brings you the ability to audit the configurations on your Cisco network devices for security in accordance to best practices in the industry. What is a configuration benchmark? A configuration benchmark is a scoring system which evaluates an asset's compliance against a set of security policy rules. The benchmarks are derived from industry best practices and consensus from domain knowledge experts to help organizations evaluate the security of the systems and devices on their n

2 min

New VMware ESX/ESXi coverage is elegant in its simplicity

The Nexpose coverage team is dedicated to providing weekly updates to the Nexpose vulnerability database so that you can have the assurance that your assets are protected against the latest security vulnerabilities. For this week's release, the coverage team is proud to present a complete overhaul for our VMware ESX/ESXi content. Why? You may ask In our old coverage model, we connected to the ESX or ESXi server via an authenticated SSH session to retrieve a list of installed patches on the serv