Network Security, Patch/Configuration Management, Vulnerability Management

Microsoft patch may not work

One of the patches issued by Microsoft this week does not fix one of the vulnerabilities it was meant to, according to PandaLabs. Bulletin MS09-008 was supposed to patch four flaws, but one of them -- related to Web Proxy Autodiscovery Protocol (WPAD) registration -- was not resolved, Panda said in a news release. Even with the patch, the bug is still active and can be used to launch man-in-the-middle attacks on Windows DNS servers, allowing an attacker to possibly access sensitive information, Panda said. — CAM



Related

US automaker subjected to FIN7 attack

BlackBerry researchers disclosed that a major U.S.-based multinational automaker had been targeted by the FIN7 hacking group in a spear-phishing attack late last year that sought to facilitate systems compromise with the Anunak malware, BleepingComputer reports.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.