
Qualys News

11 Posts tagged with the security-alerts tag
A new bi-annual report from security experts TippingPoint®, SANS Institute and Qualys® highlights the most significant attacks over the last six months, as well as the vulnerabilities these attacks exploit and how they can harm business. The report shows that many businesses are still extremely vulnerable to security attacks that can damage brand reputations and business operations. It helps businesses to review their defenses and ensure networks are up to date and able to quickly respond to today's emerging attacks.

Key findings of the Top Risks Report include:

  • Unpatched popular client-side applications put businesses at risk for data theft: PC applications often remain unpatched, compromising these machines to be used to propagate attacks and compromise internal computers. This leaves a window open for hackers to steal critical data, impact network performance and affect business continuity. Examples of these applications include Adobe Acrobat Reader, Microsoft Office and Apple QuickTime.
  • The number of Web application attacks is increasing, elevating the threat posed by previously trusted Web sites: Web applications comprise more than 60 percent of the total attack attempts occurring on the Internet. These vulnerabilities are being exploited widely to convert trusted Web sites into malicious servers serving client-side exploits.
  • Operating system vulnerabilities are decreasing, but still pose a significant threat to an organization's security resources: Operating systems (OS) have a lower number of vulnerabilities that can be remotely exploited to become massive Internet worms. Conficker/Downadup is the exception and represents a major hole in many organizations' security strategy. Attacks on Microsoft OS were dominated by Conficker/Downadup worm variants. For the past six months, over 90 percent of the attacks recorded for Microsoft targeted the buffer overflow vulnerability described in the Microsoft Security Bulletin MS08-067.
  • A growing number of vulnerability researchers is causing a backlog of unpatched software and a greater risk that these will be exploited. The number of people discovering zero-day vulnerabilities is growing fast, yielding a growing number of vulnerabilities that remain unpatched, some for as long as two years. This lag time in patching increases the chance of hackers creating exploits targeting those vulnerabilities.

Qualys® Vulnerability R&D Lab has released new vulnerability checks in QualysGuard® to protect organizations against 3 new vulnerabilities present in Microsoft Windows. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their QualysGuard subscription.

On March 10, Microsoft released 3 security patches to fix newly discovered flaws in Microsoft Windows. The Qualys Vulnerability R&D Lab has released the following checks for these new vulnerabilities:

        - Windows Kernel Vulnerability Could Allow Remote Code Execution
        - Windows Schannel Security Package Could Allow Spoofing Vulnerability
        - Vulnerabilities in DNS and WINS Server Could Allow Spoofing


Qualys® Vulnerability R&D Lab has released new vulnerability checks in QualysGuard® to protect organizations against 4 new vulnerabilities present in Microsoft Windows. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their QualysGuard subscription.

On February 10, Microsoft released 4 security patches to fix newly discovered flaws in Microsoft Windows. The Qualys Vulnerability R&D Lab has released the following checks for these new vulnerabilities:

        - Microsoft Internet Explorer Cumulative Security Update
        - Microsoft Outlook Web Access for Exchange Server Elevation of Privilege
        - Microsoft SQL Server Remote Memory Corruption Vulnerability
        - Microsoft Office Visio Could Allow Remote Code Execution


Qualys® Vulnerability R&D Lab has released a new vulnerability check in QualysGuard® to protect organizations against 1 new vulnerability present in Microsoft Windows. Customers can immediately audit their networks for this and other new vulnerabilities by accessing their QualysGuard subscription.

On January 13, Microsoft released 1 security patch to fix newly discovered flaws in Microsoft Windows. The Qualys Vulnerability R&D Lab has released the following check for this new vulnerability:

        - Microsoft SMB Could Allow Remote Code Execution


Related Coverage:
Microsoft Quietly Patches First Tuesday In '09, by Jason Lee Miller, SecurityProNews
Microsoft, Oracle Issue Patches, While Zero-Day Exploits Surface, by Thomas Claburn, InformationWeek
Microsoft Patches 'Super Nasty' Windows Bugs, by Gregg Keizer, Computerworld
Microsoft, RIM, Oracle Release Critical Patches, by Robert McMillan, ITworld

Qualys® Vulnerability R&D Lab has released new vulnerability checks in QualysGuard® to protect organizations against 9 new vulnerabilities present in Microsoft Windows. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their QualysGuard subscription.

On December 9, Microsoft released 8 security patches to fix newly discovered flaws in Microsoft Windows. Microsoft has also released 1 advisory that currently does not have a patch. The Qualys Vulnerability R&D Lab has released the following checks for these new vulnerabilities, including:

        - Microsoft Wordpad Text Converter Vulnerability
        - Microsoft Visual Basic Runtime Extended Files Remote Code Execution Vulnerability
        - Microsoft Windows GDI+ Remote Code Execution Vulnerability
        - Microsoft Word Multiple Remote Code Execution Vulnerabilities
        - Microsoft Internet Explorer Cumulative Security Update
        - Microsoft Excel Multiple Remote Code Execution Vulnerabilities
        - Microsoft Windows Search Remote Code Execution Vulnerability
        - Microsoft Windows Media Components Remote Code Execution Vulnerability


Related Coverage:
Microsoft Slates 8 Bug Updates for Year's Final Patch Tuesday, by Gregg Keizer, Computerworld
Windows Users Indifferent to Microsoft Patch Alarm, by Gregg Keizer, Computerworld
Zero-Day Bug Discovered In IE7, by Tim Wilson, DarkReading
Hackers Having Field Day With IE Zero Day Attacks, by Erika Morphy, TechNewsWorld

Qualys® Vulnerability R&D Lab has released new vulnerability checks in QualysGuard® to protect organizations against 2 new vulnerabilities present in Microsoft Windows. Customers can immediately audit their networks for these and other recent vulnerabilities by accessing their QualysGuard subscription.

On November 11, Microsoft released 2 security patches to fix newly discovered flaws in Microsoft Windows. The Qualys Vulnerability R&D Lab has released the following checks for these new vulnerabilities:

- Microsoft SMB Could Allow Remote Code Execution
- Microsoft XML Core Services Remote Code Execution Vulnerability

Related Coverage:
Microsoft Patches Long-Known Windows Bugs, by Gregg Keizer, Computerworld
Microsoft Doles Out Two Patches for Four Flaws, by Dan Kaplan, SC Magazine
Teed Up for November: Office, Windows Fixes, by Andy Patrizio, InternetNews.com

Qualys® Vulnerability R&D Lab has released new vulnerability checks in QualysGuard® to protect organizations against the 4 new vulnerabilities present in Microsoft Windows. Customers can immediately audit their networks for these and other recent vulnerabilities by accessing their QualysGuard subscription.

On September 9, Microsoft released 4 security patches to fix newly discovered flaws in Microsoft Windows. The Qualys Vulnerability R&D Lab has released the following checks for these new vulnerabilities, including:

- Microsoft Windows GDI+ Remote Code Execution Vulnerability
- Microsoft Windows Media Encoder 9 Remote Code Execution Vulnerability
- Microsoft Windows Media Player Remote Code Execution Vulnerability
- Microsoft Office Remote Code Execution Vulnerability

Related Coverage:
Patch Tuesday Addresses Eight Critical Vulnerabilities, by Jennifer LeClaire, NewsFactor.com


Qualys® Vulnerability R&D Lab has released new vulnerability checks in QualysGuard® to protect organizations against the 11 new vulnerabilities present in Microsoft Windows. Customers can immediately audit their networks for these and other recent vulnerabilities by accessing their QualysGuard subscription.

On August 12, Microsoft released 11 security patches to fix newly discovered flaws in Microsoft Windows. The Qualys Vulnerability R&D Lab has released the following checks for these new vulnerabilities, including:

- Microsoft Access Snapshot Viewer ActiveX Control Vulnerability
- Microsoft Word Could Allow Remote Code Execution
- Microsoft Excel Could Allow Remote Code Execution
- Microsoft Office Filters Could Allow Remote Code Execution
- Microsoft Internet Explorer Cumulative Security Update
- More...

Related Coverage:
Microsoft Fixes IE, Office in Big Month of Security Updates, by Elizabeth Montalbano, IDG News Service
Microsoft Issues Massive Security Update for Windows, by Gregg Keizer, Computerworld

Qualys® Vulnerability R&D Lab has released new vulnerability checks in QualysGuard® to protect organizations against the 4 new vulnerabilities present in Microsoft Windows. Yesterday's Microsoft Patch Tuesday marks a first: a synchronized, industry-wide effort for the patching of a common vulnerability. Customers can immediately audit their networks for these and other recent vulnerabilities by accessing their QualysGuard subscription.

In July, Microsoft released 4 security patches to fix newly discovered flaws in Microsoft Windows. The Qualys Vulnerability R&D Lab has released the following checks for these new vulnerabilities, including:

- DNS Could Allow Spoofing
- Microsoft Windows Explorer Remote Code Execution Vulnerability
- Microsoft Outlook Web Access for Exchange Server Elevation of Privilege
- Microsoft SQL Server Could Allow Elevation of Privilege

Coming Soon -- the next update on Qualys® Vulnerability R&D Lab takes place August 12th.


Qualys® Vulnerability R&D Lab has released new vulnerability checks in QualysGuard® to protect organizations against the 4 new vulnerabilities present in Microsoft Windows. Customers can immediately audit their networks for these and other recent vulnerabilities by accessing their QualysGuard subscription.

In June, Microsoft released seven security patches to fix newly discovered flaws in Microsoft Windows. The Qualys Vulnerability R&D Lab has released the following checks for these new vulnerabilities, including:

- Microsoft Windows Bluetooth Stack Could Allow Remote Code Execution
- Cumulative Security Update for Internet Explorer
- Cumulative Security Update of ActiveX Kill Bits
- Vulnerabilities in DirectX Could Allow Remote Code Execution
- Vulnerability in WINS Could Allow Elevation of Privilege
- More...

Coming Soon -- the next update on Qualys® Vulnerability R&D Lab takes place July 8th.