ESA-2016-111: EMC Avamar Data Store and Avamar Virtual Edition Privilege Escalation Vulnerability

2016-10-20 Thread EMC Product Security Response Center
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 ESA-2016-111: EMC Avamar Data Store and Avamar Virtual Edition Privilege Escalation Vulnerability EMC Identifier: ESA-2016-111 CVE Identifier: CVE-2016-0909 Severity Rating: CVSSv3 Base Score: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) Affected pr

Defense in depth -- the Microsoft way (part 44): complete failure of Windows Update

2016-10-20 Thread Stefan Kanthak
Hi @ll, since more than a year now, Windows Update fails (not only, but most notably) on FRESH installations of Windows 7/8/8.1 (especially their 32-bit editions), which then get NO security updates at all [°]! One of the many possible causes: Windows Update Client runs out of (virtual) memory du

[CVE-2016-5195] "Dirty COW" Linux privilege escalation vulnerability

2016-10-20 Thread dirtycow
Debian: https://security-tracker.debian.org/tracker/CVE-2016-5195 Redhat: https://access.redhat.com/security/cve/cve-2016-5195 FAQ: https://dirtycow.ninja/

Defense in depth -- the Microsoft way (part 45): filesystem redirection fails to redirect the application directory

2016-10-20 Thread Stefan Kanthak
Hi @ll, on x64 editions of Windows, RegEdit.exe exists both as %windir%\regedit.exe and %windir%\SysWOW64\regedit.exe. states | [...] whenever a 32-bit application attempts to access [...] | %windir%\regedit.exe is redirected to %windir%\S

[security bulletin] HPSBGN03663 rev.1 - HPE ArcSight WINC Connector, Remote Code Execution

2016-10-20 Thread security-alert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05313743 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05313743 Version: 1 HPSBGN03663 rev.1 - HPE Arc