Posts by dpicotte

2 min Nexpose

Nexpose Content Release Cadence

Over the past year our Nexpose team has taken on the challenge of overhauling our product and internal processes to enable more frequent and seamless content releases. The objective is simple, get customers content to their consoles faster without disrupting their workflow and currently running or scheduled scans. This enables security teams to respond to industry trends much faster and coupled with our new adaptive security feature enables low impact delta scans of just the new or updated vulne

1 min

Update Tuesday, September 2015

This month, Microsoft includes 12 security bulletins, comprised of 52 CVEs, with five bulletins being rated critical. All five critical bulletins (MS15-094, MS15-095, MS15-097, MS15-098, MS15-099) and MS15-100 are remote code execution issues affecting Internet Explorer, Edge, Microsoft Graphics, Windows Journal, Microsoft Office and Media Center. Users can be affected by the remote execution issues by viewing a specially crafted web page, journal file, office file or media center link (.mcl).

3 min Microsoft

Update Tuesday, August 2015

This month's update includes 14 Microsoft security bulletins (52 CVEs), with three being rated as critical. One of these vulnerabilities has already affected MS office (MS15-081) and has been detected as being exploited in the wild. As per the norm, Adobe has also released a high priority Air\Flash security patch (APSB15-19) to address 34 CVEs on multiple affected platforms (IE, Edge, Windows, Macintosh, Android and iOS). Microsoft seems to have implemented a new strategy for Windows 10, as the

2 min

Patch Tuesday, July 2015

Administrators and security teams are in for a hectic week tackling 14 [] Microsoft security bulletins, 2 [] Adobe updates addressing 4 CVEs for Flash\Shockwave and Oracle has released their quarterly update for 63 [] of their product suites (including Java, Oracle DB, MySQL and Solaris). Of the 14 Microsoft security bulletins, 4 re

1 min

Patch Tuesday, June 2015

This month Microsoft has released 8 security bulletins, affecting all supported platforms through remote code execution and elevation of privilege. Of the 8 Microsoft security bulletins, two are critical. Both critical bulletins (MS15-056 and MS15-057) are phishing based attacks requiring execution of a specially crafted website or specially crafted Microsoft Office file. An escalation of privilege could be possible in Microsoft Exchange Server (MS15-064) by means of Server-Side Request Forgery

1 min Patch Tuesday

Patch Tuesday, May 2015

This month Microsoft has released 13 security bulletins, once again this affects all supported platforms and includes remote code execution and elevation of privilege vulnerabilities. To accompany these patch updates, Adobe has released new versions of Reader, Acrobat and Flash Player resulting in vulnerability fixes for 52 CVEs (most of which are rated as critical). Of the 13 Microsoft bulletins, 3 are rated as critical and require user interaction for exploitability, this is typical of attacks

2 min Patch Tuesday

Patch Tuesday, April 2015

Administrators and security teams are in for a busy couple days tackling 11 Microsoft security bulletins, 3 Adobe updates and Oracle updates for 43 of their product suites (including Java, Databases and Solaris). Of the 11 Microsoft bulletins, 4 are rated as 'Critical' and affect virtually all supported desktop/server platforms and all supported installations of MS Office (including Office for Mac 2011). These 11 bulletins address 26 CVEs, with the exploitation of CVE-2015-1641 being detected i

1 min

Patch Tuesday, March 2015

This month Microsoft has released 14 new bulletins, 5 of which are rated as “Critical” and another 9 as “Important”. As a déjà vu from last month, a critical remote code execution vulnerability (MS15-018) affecting all supported Internet Explorer versions (6-11) is being patched, which addresses 12 CVEs. The patch addresses issues with Internet Explorer's memory management that could allow the remote corruption of memory and result in the execution of malicious code as the current user. As alway