There are two rated high vulnerabilities exist in Microsoft software that’s publicly disclosed and have the patches released! One of them affecting Windows OS is explained in http://www.microsoft.com/technet/security/bulletin/ms07-051.mspx for MS Agent vulnerability which pretty much affects those using Windows 2000 with SP4 (most likely a … “MSN and MS-Agent exploits”

There’s a possible bypass for authentication when LDAP is used for Chap/MsChap in Cisco’s VPN. An attacker can access your internal network without providing authentication at all. This is quite serious to those running LDAP on PIXes and ASAes. So far, as i can remember … “Multiple Vulnerabilities with Cisco’s PIX and ASA”

In a recent ISA Server 2006 Level 400 class, we discussed a vulnerability on Exchange server that could lead to remote code execution. The particular remote attack is listed in CVE http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0213 and rated high in it’s severity. If you have customers or run Exchange … “URGENT! – Serious security flaws with all Microsoft Exchange versions”

Was doing some reading on my frequently accessed security page, SANS and found these two vulnerabilities that should be of mention. These two software i use well, often, like Quicktime (for my ITunes) and Asterisk (for my mobile VoIP support). Quicktime- A vulnerability that allows … “Vulnerabilities on Quicktime and Asterisk”

It comes as no surprise that the exploitation of the MS DNS issue is out and around. According to Symantec, this particular worm executes several vulenrability checks (much like a security scanner) and exploits those that are vulnerable. In short, the process is completely automated … “W32.Rinbot – Exploitation of Windows DNS and other vulnerabilities”

My previous post talks about the DNS vulnerability and now the exploit codes are available and are being used already to VERY EASILY EXPLOIT DNS servers especially within an organization (typically). No one in their right mind would publish RPC over the internet, right.., right..!!?? … “WARNING – DNS Zero day exploit code is public”

A new buffer overflow vulnerability with the RPC protocol for managing the DNS service in Windows 2000 (all SPs) and Windows 2003 (all SPs) has been discovered by hackers. Upon successful execution of this exploit, the attacker can run code with the security equivalent of … “Windows 2000/2003 DNS Server Service Zero Day Exploit”

Yesterday (Apr 10, 2007), Microsoft released 4 to 5 updates for Vista. I downloaded and patched the CSRSS manually and got 4 updates on WindowsUpdate program. Also, there’s a couple of high criticality vulnerabilities on Windows and anyone running Windows should immediately run Windows update. … “Vista updates”