Risk

1/30/2008
04:19 PM
Jake Widman
Jake Widman
Commentary
50%
50%

Microsoft Security Patch Shown to Be Necessary

CNET

If you skipped Microsoft's first security patch of 2008, a new demonstration of its vulnerability should spur you to action.The security firm Immunity has released a working version of a TCP/IP exploit that would affect unpatched Windows XP and Vista systems. The company didn't release the exploit into the wild -- they provided it to their clients for use in testing their systems vulnerability. Still, the existence of the exploit proves its workability and increases the attraction for malicious distribution of a similar attack. A successful attacker could, according to Microsoft, "install programs; view, change, delete data; or create new accounts with full user rights" on an affected system.

You need to be registered with Immunity to get details of the exploit, but you can view a video about it. The latest Microsoft patch is available here.CNET

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
More Than Half of Users Reuse Passwords
Curtis Franklin Jr., Senior Editor at Dark Reading,  5/24/2018
Is Threat Intelligence Garbage?
Chris McDaniels, Chief Information Security Officer of Mosaic451,  5/23/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11471
PUBLISHED: 2018-05-25
Cockpit 0.5.5 has XSS via a collection, form, or region.
CVE-2018-11472
PUBLISHED: 2018-05-25
Monstra CMS 3.0.4 has Reflected XSS during Login (i.e., the login parameter to admin/index.php).
CVE-2018-11473
PUBLISHED: 2018-05-25
Monstra CMS 3.0.4 has XSS in the registration Form (i.e., the login parameter to users/registration).
CVE-2018-11474
PUBLISHED: 2018-05-25
Monstra CMS 3.0.4 has a Session Management Issue in the Administrations Tab. A password change at admin/index.php?id=users&action=edit&user_id=1 does not invalidate a session that is open in a different browser.
CVE-2018-11475
PUBLISHED: 2018-05-25
Monstra CMS 3.0.4 has a Session Management Issue in the Users tab. A password change at users/1/edit does not invalidate a session that is open in a different browser.