torsdag 10 januari 2013

Nya säkerhetshål i Microsoft's mjukvaror





Zscaler stoppar de XSS, DoS och bypass av säkerhetsfunktioner som uppmärksammats i januari's patchar från Microsoft. Zscaler arbetar med Microsoft genom MAPPs-programmet, som ger ett pro-aktivt skydd mot nya sårbarheter - helt utan extra mjukvara på klienten.



MS13-003 – Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege (2748552)
Severity: Important
Affected Software
  • Microsoft System Center Operations Manager 2007 
CVE-2013-0009 System Center Operations Manager Web Console XSS Vulnerability

CVE-2013-0010 System Center Operations Manager Web Console XSS Vulnerability
Description: A cross-site scripting (XSS) vulnerability exists in System Center Operations Manager that could allow specially crafted script code to run under the guise of the server.
 
MS13-007 – Vulnerability in Open Data Protocol Could Allow Denial of Service (2769327)
Severity: Important
Affected Software
  • Windows XP
  • Windows server 2003
  • Windows Vista
  • Windows server 2008
  • Windows 7
  • Windows 8
  • Windows server 2012
CVE-2013-0005  Replace Denial of Service Vulnerability
Description: A denial of service vulnerability exists in the OData specification that could allow denial of service.
 
MS13-006 – Vulnerability in Microsoft Windows Could Allow Security Feature Bypass (2785220)
Severity: Important
Affected Software
  • Windows Vista
  • Windows server 2008
  • Windows 7
  • Windows 8
  • Windows server 2012
  • Windows RT
CVE-2013-0013  Microsoft SSL Version 3 and TLS Protocol Security Feature Bypass Vulnerability
Description: A security feature bypass vulnerability exists in the way that the Microsoft Windows SSL/TLS (Secure Socket Layer and Transport Layer Security) handle the SSL version 3 (SSLv3) and TLS protocols.

www.wecloud.se
info@wecloud.se