Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2015-07-23 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Some more 0-days from ZDI

Published: 2015-07-23
Last Updated: 2015-07-23 08:42:37 UTC
by Mark Hofman (Version: 1)
4 comment(s)

For those of us that are in patching world the last few weeks has not been fun.  It seemed like there was a new critical issue almost every other day and almost certainly just after you finished the previous round of patching. I guess that is what happens when a hacking firm is breached. 

Well unfortunately I'm here to add to your woes.  BK wrote in (thanks) to remind me that on the same day that Microsoft patched a critical issue, ZDI released four vulnerabilities that, whilst based on their CVSS score may not quite reach critical (in Microsoft world), will likely result in a patch for most systems (including Windows phone).  

In this case all four were discovered in-house, disclosed to the vendor over 120 days ago and as of release unlikely to have an exploit associated with it. That is however likely to change. 

Mark H

Keywords: patching
4 comment(s)
Diary Archives