Archive for January, 2010

VMware hardening guide

Wednesday, January 27th, 2010

http://isc.sans.org/diary.html?storyid=8080 VMware announces the first draft of the vSphere Hardening Guide, posted for public comment. A worthy successor to the current VMware Hardening Guide, it contains over 100 guidelines, split into the following sections:

* Introduction
* Virtual Machines
* Host
* vNetwork
* vCenter
* Console OS (for […]

Article-creating passwords you can remember

Monday, January 25th, 2010

http://www.networkworld.com/news/2010/012210-creating-secure-passwords-you-can.html?hpg1=bn Creating Secure Passwords You Can Remember. A study of passwords hacked from RockYou.com illustrates just how insecure most passwords are.

Vulnerability in Internet Explorer could allow remote code execution

Friday, January 15th, 2010

This vulnerability is being exploited in IE versions 6-8 and on all Windows Operating Systems. Please follow the recommended procedures. RECOMMENDATIONS: We recommend the following actions be taken: Consider applying appropriate workarounds recommended by Microsoft to vulnerable systems immediately after appropriate testing:

* Set Internet and Local intranet security zone settings to “High” to prompt before […]

Microsoft advises the removal of Flash player version 6 from XP

Wednesday, January 13th, 2010

http://isc.sans.org/diary.html?storyid=7957 Published: 2010-01-12. As part of today’s bulletin release, Microsoft advises users of Windows XP to uninstall Flash Player 6 which is installed with Windows XP. Affected users should upgrade to the latest version of Flash Player which is available for download from Adobe. The Adobe Flash Player was only provided with Windows XP, up […]

January Microsoft patches – looks like a light month

Friday, January 8th, 2010

Everything I am seeing seems to indicate Jan will be a light patch month for Microsoft products. http://blogs.technet.com/msrc/archive/2010/01/07/january-2010-bulletin-release-advance-notification.aspx It may be a new year but here in the Microsoft Security Response Center, it is business as usual. This month we have one bulletin addressing a single vulnerability in Windows. The vulnerability is critical on Windows 2000 […]

Vulnerability in IIS version 6.0

Monday, January 4th, 2010

According to what I am reading, this can only be exploited if best practice recommendations are not observed. http://blogs.technet.com/msrc/archive/2009/12/27/new-reports-of-a-vulnerability-in-iis.aspx Hi everyone, On Dec. 23 we were made aware of a new claim of a vulnerability in Internet Information Services (IIS). We are still investigating this issue and are not aware of any active attacks but […]