Defense in depth -- the Microsoft way (part 52): HTTP used to distribute (security) updates, not HTTPS

2018-02-14 Thread Stefan Kanthak
Hi @ll, yesterdays "Security update deployment information: February 13, 2018" links the following MSKB articles for the security updates of Microsoft's Office products:

[security bulletin] MFSBGN03800 rev.1 - Micro Focus Performance Center, Remote Arbitrary Code Execution or Remote Arbitrary File Modification

2018-02-14 Thread cyber-psrt
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Note: the current version of the following document is available here: https://softwaresupport.hpe.com/document/-/facetsearch/document/KM03091103 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: KM03091103 Version: 1 MFSBGN03800 rev.1 -

[SECURITY] [DSA 4114-1] jackson-databind security update

2018-02-14 Thread Sebastien Delafond
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4114-1 secur...@debian.org https://www.debian.org/security/ Sebastien Delafond February 15, 2018

[SECURITY] [DSA 4113-1] libvorbis security update

2018-02-14 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4113-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 14, 2018

NAT32 Build (22284) Remote Code Execution CVE-2018-6940 (hyp3rlinx / apparition security)

2018-02-14 Thread apparitionsec
[+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/NAT32-REMOTE-COMMAND-EXECUTION-CVE-2018-6940.txt [+] ISR: Apparition Security [-_-] D1rty0tis Vendor: = www.nat32.com Product: = NAT32 Build

[SECURITY] [DSA 4112-1] xen security update

2018-02-14 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4112-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 14, 2018

Re: [FD] Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM

2018-02-14 Thread Jeffrey Walton
On Fri, Feb 9, 2018 at 1:01 PM, Stefan Kanthak wrote: > Hi @ll, > > since about two or three years now, Microsoft offers Skype as > optional update on Windows/Microsoft Update. > > JFTR: for Microsoft's euphemistic use of "update" see >