// author archive

Simon Price

Simon Price has written 22 posts for Praetorian Prefect
Email the author: blog(at)ptnsecurity.com

Microsoft IE 6 & 7 Zero-day (Aside)

By Simon Price March 9, 2010 One comment

A blog post on the MSRC web site warned of a new zero-day in Internet Explorer versions 6 and 7 running on Windows XP, Windows 2000, or Windows 2003. The post references Security Advisory (981374), and at this time there aren’t many details about the vulnerability other than what MS has stated in the advisory. Related [...]

March’s Patch Tuesday

By Simon Price March 9, 2010 Post a comment

msft_logo

Today is patch Tuesday for March 2010, and Microsoft has released two security bulletins for this round of updates, neither of which are deemed critical. The second bulletin addresses seven different vulnerabilities across various versions of Microsoft Office Excel.

Press F1 for Help, pwned.

By Simon Price March 2, 2010 One comment

Microsoft published security advisory 981169 yesterday in response to the zero day vulnerability reported a few days prior. The vulnerability is in the help system and can be triggered by luring an Internet Explorer user into pressing the F1 key. Windows 2000, Windows XP SP2 & SP3, and Windows 2003 SP2 with Internet Explorer 7 [...]

February’s Patch Tuesday

By Simon Price February 9, 2010 3 comments

Today is patch Tuesday for February 2010, and it marks a fairly busy patch cycle for Microsoft, who released thirteen updates today. In late January, there was an out-of-band release for two critical patches, in response to the high profile issue around the Internet Explorer Aurora exploit. This makes a total of fifteen total patches between since January’s patch Tuesday.

Microsoft Posts Advanced Notification for Out of Band Patch

By Simon Price January 20, 2010 Post a comment

Microsoft has published the advanced notification for an unscheduled patch update release to occur tomorrow, outside of the normal patch Tuesday cycle. The update is for an Internet Explorer vulnerability reported to be a vector for the Aurora exploit which was used to attack Google and several other companies. The last time Microsoft released an [...]

Using Group Policy to Disable JavaScript in Adobe PDF Files

By Simon Price January 13, 2010 2 comments

We have previously posted instructions for users to disable JavaScript, giving them the option to enable it only when necessary. However, if you have made the decision to make this change across your enterprise or to a specific user base, this manual process is not practical. Therefore, a Group Policy Object is best to handle the task at hand.

First Patch Tuesday of 2010

By Simon Price January 12, 2010 2 comments

We begin a new year and arrive at the first patch Tuesday of the decade. The news and spread of malware related to Adobe Reader continues to gain momentum and the information security community believes that this year will produce more exploits using Reader. I will include both the Microsoft and Adobe updates in these [...]

SMB Bug won’t be patched in January

By Simon Price January 8, 2010 Post a comment

Microsoft announced in a blog post that the SMB bug which can crash Windows 7 and Server 2008 R2 will not be patched in January’s patch Tuesday. We have shown how this bug can cause a severe halt to the OS, however, Microsoft stated that they “are not aware of any active attacks using the [...]

Adobe util.printd Zero Day

By Simon Price December 16, 2009 One comment

A critical vulnerability was discovered early this week in Adobe Reader and Acrobat versions 9.2 and earlier which could allow attackers to gain control of the affected system, not even a week after Adobe released a critical update for its Flash Player on patch Tuesday last week. The attack uses a weakness in a function called util.printd along with a heap spray implemented with Javascript to attempt to inject shell code.

Forensics: Beverages Aside, A Look at Incident Response Tools

By Simon Price December 15, 2009 2 comments

In November, Microsoft’s forensics tool called COFEE (Computer Online Forensic Evidence Extractor) was leaked on torrents for download. The news coverage was much hype about nothing, as many free tools already out there exceed COFEE in features and functionality.

« Previous