Optimal Security : the Lumension Blog

Today’s Patch Tuesday release is being overshadowed by a new zero-day vulnerability in Internet Explorer that can allow remote code execution. The exploit reportedly is currently being used in targeted attacks in the wild. It was reported today in an advisory by Microsoft - the same day they released the monthly patches for March 2010.
From [...]

So, a couple of weeks ago we were all very concerned about the MS10-015 patch included in the February security update from Microsoft which seemed to cause the dreaded Blue Screen of Death (BSOD) on some machines. As we “went to press” with our blog post, the news was just breaking that the underlying cause [...]

So, another Patch Tuesday has passed – and it was a big one. But the news late Thursday 02/11 was a bit less nice: it seems that one of the patches included causes that dreaded BSOD on certain Windows XP boxes.
Microsoft is aware of the problem, which involves the MS10-015 bulletin (aka the 17-year-old Windows [...]

Paul Henry, Forensics and Security Analyst, provides his insights in this February 2010 Patch Tuesday Security Briefing.

After a light start to the year in terms of patching, Microsoft is throwing out its heaviest patch load in four years for IT departments to tackle for the month of February with 13 patches in all - five of which have a maximum security rating of critical.
Three of the critical patches standout from the [...]

Paul Henry, Forensics and Security Analyst, provides his insights in this January 2010 Patch Tuesday Security Briefing.

When you begin to dig into the intricacies of accurately projecting what the threat landscape will look like in the next year, it is actually relatively easy in some respects. Just look at failing defensive technologies and you’ll have a good indication of what will transpire in our network environments. Let me explain.
The best example [...]

The IT security community has been buzzing about a new zero-day exploit for Adobe that is reportedly in the wild.  It is now being investigated by Adobe and initial details are available on Adobe’s blog.
The malicious PDF files are reportedly being used in targeted attacks with the PDF being sent as an email attachment and [...]

So, no sooner do I get done writing about how Win7 is a much better OS, albeit not perfect, from a security perspective than the first zero-day threat is revealed. And this after Microsoft (triumphantly?) issued no Win7 security updates in last week’s Patch Tuesday extravaganza, that included a fix (MS09-065) to a Windows kernel [...]

With Microsoft Patch Tuesday right around the corner, life gets even more interesting for IT professionals with the release this morning of a new Zero Day DoS exploit impacting Microsoft FTP server.
This comes on the heels of a more serious issue. Just days ago, an exploit was released that can allow a remote user to [...]