Remote Coverage for MS15-034 HTTP.sys Vulnerability (CVE-2015-1635)
Patch Tuesday last week saw the release of Microsoft security bulletin MS15-034,
which addresses CVE-2015-1635, a remote code execution vulnerability in
Microsoft Internet Information Services (IIS) running on Windows 7 / Server 2008
R2 and later. This vulnerability can be trivially exploited as a denial of
service attack by causing the infamous Blue Screen of Death (BSoD) with a
HTTP request [https://www.youtube.com/watch?v=BlBXREzsytc].
In order to provide better assessment of your ass
Audit the security configuration on your Cisco devices with Nexpose 5.7.14
Nexpose 5.7.14 brings you the ability to audit the configurations on your Cisco
network devices for security in accordance to best practices in the industry.
What is a configuration benchmark?
A configuration benchmark is a scoring system which evaluates an asset's
compliance against a set of security policy rules. The benchmarks are derived
from industry best practices and consensus from domain knowledge experts to help
organizations evaluate the security of the systems and devices on their
New VMware ESX/ESXi coverage is elegant in its simplicity
The Nexpose coverage team is dedicated to providing weekly updates to the
Nexpose vulnerability database so that you can have the assurance that your
assets are protected against the latest security vulnerabilities. For this
week's release, the coverage team is proud to present a complete overhaul for
our VMware ESX/ESXi content.
Why? You may ask
In our old coverage model, we connected to the ESX or ESXi server via an
authenticated SSH session to retrieve a list of installed patches on the serv