======================================================================== The Secunia Weekly Advisory Summary 2012-04-27 - 2012-05-04 This week: 25 advisories ======================================================================== Table of Contents: 1.....................................................Word From Secunia 2....................................................This Week In Brief 3...............................This Weeks Top Ten Most Read Advisories 4................................................Secunia Corporate News 5..................................................This Week in Numbers ======================================================================== 1) Word From Secunia: Shifting targets and patching strategies For an organisation with over 600 programs installed in their network, more than 50% of the programs that are vulnerable in one year will not be vulnerable the next year, and vice versa. "A typical corporate infrastructure contains layers of programs that organisations consider business-critical. Many organisations will focus on patching the top layer - business-critical programs - only. Cybercriminals, however, will target all programs." - Secunia. If you haven.t had the chance to read the Secunia Yearly Report for 2011, download it here: http://secunia.com/company/2011_yearly_report/ ======================================================================== 2) This Week in Brief: Andrea Micalizzi has discovered a vulnerability in McAfee Virtual Technician MVTControl ActiveX Control, which can be exploited by malicious people to compromise a user's system. http://secunia.com/advisories/49007/ A weakness, a security issue, and multiple vulnerabilities have been reported in HP Systems Insight Manager, which can be exploited by malicious, local users to potentially gain escalated privileges and by malicious people to disclose sensitive information, conduct cross-site scripting and cross-site request forgery attacks, bypass certain security restrictions, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. http://secunia.com/advisories/49035/ Multiple vulnerabilities have been reported in Pale Moon, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, disclose certain system and sensitive information, bypass certain security restrictions, and compromise a user's system. http://secunia.com/advisories/48995/ Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to compromise a user's system. http://secunia.com/advisories/48992/ VMware has acknowledged some vulnerabilities in VMware ESX Server, which can be exploited by malicious, local users in a guest virtual machine to gain escalated privileges and by malicious people to cause a DoS (Denial of Service) and potentially compromise the vulnerable system. http://secunia.com/advisories/48959/ ======================================================================== 3) This Weeks Top Ten Most Read Advisories: For more information on how to receive alerts on these vulnerabilities, subscribe to the Secunia business solutions: http://secunia.com/advisories/business_solutions/ 1. [SA48959] VMware ESX Server Multiple Vulnerabilities 2. [SA48009] Oracle Java SE Multiple Vulnerabilities 3. [SA48932] Mozilla Firefox / Thunderbird Multiple Vulnerabilities 4. [SA48962] Microsoft Visual Studio Linker Integer Overflow Vulnerability 5. [SA48992] Google Chrome Multiple Vulnerabilities 6. [SA49035] HP Systems Insight Manager Multiple Vulnerabilities 7. [SA48988] PHP Volunteer Management Cross-Site Scripting and SQL Injection Vulnerabilities 8. [SA48977] HP NonStop Server Java Multiple Vulnerabilities 9. [SA48976] Samba LSA RPC "take ownership" Privilege Security Bypass Security Issue 10. [SA48938] Net-SNMP Agent MIB Subtree Handling Denial of Service Vulnerability ======================================================================== 4) Secunia Corporate News Tech Smart Life: Secunia PSI review 'Keep Windows programs updated with the Secunia Personal Software Inspector - PSI'. Read the review here: http://www.techsmartlife.com/2012/04/18/secunia-personal-software-inspector/ Meet Secunia @ IT security events in May & June 2012 FS-ISAC & BITS Annual Summit (14-17 May, Miami), ISF Nordic Spring Conference (31 May-01 June, Oslo), Gartner Security & Risk Management Summit (11-14 June, Washington DC): http://secunia.com/resources/events/ ======================================================================== 5) This Week in Numbers During the past week 25 Secunia Advisories have been released. All Secunia customers have received immediate notification on the alerts that affect their business. This weeks Secunia Advisories had the following spread across platforms and criticality ratings: Platforms: Windows : 3 Secunia Advisories Unix/Linux : 12 Secunia Advisories Other : 0 Secunia Advisories Cross platform : 10 Secunia Advisories Criticality Ratings: Extremely Critical : 0 Secunia Advisories Highly Critical : 6 Secunia Advisories Moderately Critical : 7 Secunia Advisories Less Critical : 11 Secunia Advisories Not Critical : 1 Secunia Advisory ======================================================================== Secunia recommends that you verify all advisories you receive, by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Subscribe: http://secunia.com/advisories/weekly_summary/ Contact details: Web : http://secunia.com/ E-mail : support_at_private Tel : +45 70 20 51 44 Fax : +45 70 20 51 45 _______________________________________________ LayerOne Security Conference May 26-27, Clarion Hotel, Anaheim, CA http://www.layerone.orgReceived on Mon May 07 2012 - 01:45:35 PDT
This archive was generated by hypermail 2.2.0 : Mon May 07 2012 - 01:41:39 PDT