SOLIT

SOLIT Information Security is an owner-managed consulting firm for information security. Since 2008 we have been available to our customers for all questions concerning information security and data protection. As a consulting firm in information security, we support our customers in introducing, maintaining and continuously improving their IT-based corporate security. This covers both the organization with its processes and the associated technology. Particular attention is paid to people as employees of the company. Security can never be introduced against people: employees have to be "brought along". We achieve this in projects in a variety of ways!

Jörg Stefan Folz has led the company as managing partner since its founding in 2008.

Consulting Services

Information security in a company is today a key success factor, and at the same time an absolute necessity!

As a consulting firm we support our customers in the design, maintenance and continuous improvement of their IT-based corporate security. In doing so we rely on the pillars of processes (organization), technology and people.

A major focus is on accompanying the customer in projects in which information security is relevant. We plan and manage projects on behalf of the customer and ensure that the desired goals are reached. Technical integration work can be carried out by the customer itself or by other service providers.

The organization with its processes defines the framework for information security in the company. Here we support our customers, for example, in the following subject areas:

  • Establishment, review and assessment of the ISMS (information security management system)
  • Consulting on and drafting of IT security strategies
  • Risk evaluations and assessments
  • Business Continuity Management

Further examples can be found in the projects.

The requirements of information security are also reflected at the technical level. We support customers by drawing up technical concepts for a variety of problems, or by evaluating technical solutions. Technical audits and penetration tests determine whether technical security is correctly implemented in your company.

As a specialist in public key infrastructures (PKI), we plan, integrate and review both the server-side components and the applications based on the PKI.

The weakest link in the security chain is, as so often, the human being. People must be given separate consideration in the security process. Naturally this includes guidelines, policies and instructions. However, these are all too readily circumvented, because they often disrupt the workflow. The human factor must therefore also be addressed in other ways. This includes building up and expanding security awareness, for example through security awareness programs.

Projects

Successful projects build trust!

The questions that arise in information security and data protection are diverse. To give you an impression of the range of our activities, you will find here a selection of different projects. Detailed reference projects are gladly provided on request.

Development and documentation of requirements specifications

Not only in development is the structured capture of requirements an essential prerequisite for commissioning projects in a targeted way. SOLIT supports the customer throughout the entire requirements management process and ensures proper documentation. Example projects are the selection/tendering of a new IT infrastructure (state-owned company) or the selection of a technical security provider (financial institution).

Design and review of secure remote access

Solutions for remote access to the internal network of financial institutions are subject to special conditions (including legal and regulatory requirements). Taking these requirements into account, several solutions were designed that combine security and user-friendliness. Accompanying the presentation of these projects to the Luxembourg banking supervisor (CSSF) is part of the tasks.

Data Protection

In ongoing mandates we take on the function of data protection officer and ensure secure and legally compliant processing of personal data.

Design and integration of an "all-in-one" smartcard for various purposes

On the basis of a smartcard with a Legic module, an authentication solution was developed with which the company's employees

  • gain access to the company premises (incl. time recording)
  • can pay with the card in the company's own restaurant
  • can log on to their workstation (smartcard logon)
  • receive printouts only once the user has been authenticated at the printer with the smartcard (FollowMe Printing)
  • have their remote access connections secured

Further use cases are continually being integrated. The constant requirement is that every employee can perform all functions with just one single card!

Design and integration of public key infrastructures

PKI as a framework is the basis for a variety of use cases involving secure authentication or encryption. For several customers we plan and integrate public key infrastructures based on Microsoft certificate services. Use cases implemented with them include, for example:

  • Workflow integrations
  • Exchange of encrypted and signed emails for customer communication (PKI with "external impact")
  • Smartcard logon
  • Remote access (see above)
  • and much more.

Planning and implementation of an ISMS

Establishment and review of security organizations according to the ISO/IEC 27001 standard

Business Continuity Management

For a financial institution, the existing BCM was put on a completely new footing. SOLIT accompanied the entire process, which is modelled on BSI Standard 100-4, starting with the business impact analysis, through risk analysis, to the implementation of the emergency preparedness concept.

Security Awareness Program

Various forms of awareness programs are held for customers. What they all have in common is that they always include events for employees. In these, the risks and dangers at issue for the particular customer request are not pointed out with a wagging finger. On the contrary: it is shown in a relaxed manner how easy exploiting security vulnerabilities can be, and that anyone can be a potential target.

Project support for information security

In larger projects the players are often already fixed in advance. What the customer lacks, however, is an independent party that professionally accompanies IT security topics and supports the customer with suggestions. This task has already been taken on several times.

Conducting penetration tests

To verify the security of exposed systems, we carry out various penetration tests for customers. The results are used to confirm or improve the security of the systems/applications.

Data Protection

Data protection that is put into practice as part of internal corporate compliance gives companies and their customers the security that contributes to business success!

As a company accredited for data protection in Luxembourg, we work with the customer to ensure that legal requirements are met. Both in projects and in mandates! In Luxembourg, companies that are responsible for processing personal data can appoint a data protection officer. In this case they are released from their notification obligation towards the National Commission for Data Protection (CNPD). Appointing an (external) data protection officer has further advantages: companies do not have to take care of the required further training of an employee for data protection. No internal resources are used for "non-core" activities. Both in day-to-day operations and in projects, data processors can rely on SOLIT's expertise.

SOLIT Information Security supports you in the area of data protection

  • by taking on the mandate as data protection officer (chargé de la protection des données agréées)
  • with questions on data protection and in special processing operations
  • in securing processing operations in accordance with Luxembourg data protection law (Act of 2 August 2002)
  • in audits and in drawing up concepts
  • as well as in all other topics relating to data protection!

Service

Vulnerabilities

Recent Vulnerabilities

The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.
Posted: June 24, 2017, 5:04 am
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8473, CVE-2017-8475, CVE-2017-8477, and CVE-2017-8484.
Posted: June 24, 2017, 5:04 am
Microsoft Windows 10 1607 and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0215, CVE-2017-0216, CVE-2017-0218, and CVE-2017-0219.
Posted: June 24, 2017, 5:04 am
Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the Edge JavaScript scripting engine fails to handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8499, CVE-2017-8521, CVE-2017-8548, and CVE-2017-8549.
Posted: June 24, 2017, 5:04 am
A buffer overflow in Smart Card authentication code in gpkcsp.dll in Microsoft Windows XP through SP3 and Server 2003 through SP2 allows a remote attacker to execute arbitrary code on the target computer, provided that the computer is joined in a Windows domain and has Remote Desktop Protocol connectivity (or Terminal Services) enabled.
Posted: June 24, 2017, 5:04 am
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.
Posted: June 24, 2017, 5:04 am
Windows Hyper-V in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to gain elevated privileges on a target guest operating system when Windows Hyper-V instruction emulation fails to properly enforce privilege levels, aka "Hypervisor Code Integrity Elevation of Privilege Vulnerability".
Posted: June 24, 2017, 5:04 am
Microsoft Edge in Windows 10 1607 and 1703, and Windows Server 2016 allows an attacker to read the URL of a cross-origin request when the Microsoft Edge Fetch API incorrectly handles a filtered response type, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8498.
Posted: June 24, 2017, 5:04 am
Microsoft Windows 10 1607 and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0173, CVE-2017-0216, CVE-2017-0218, and CVE-2017-0219.
Posted: June 24, 2017, 5:04 am
Microsoft Malware Protection Engine CVE-2017-8558 Remote Code Execution Vulnerability.
Posted: June 24, 2017, 5:04 am
Microsoft Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0173, CVE-2017-0215, CVE-2017-0218, and CVE-2017-0219.
Posted: June 24, 2017, 5:04 am
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.
Posted: June 24, 2017, 5:04 am
Microsoft Windows 10 Gold, Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0173, CVE-2017-0215, CVE-2017-0216, and CVE-2017-0219.
Posted: June 24, 2017, 5:04 am
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, and CVE-2017-8477.
Posted: June 24, 2017, 5:04 am
Microsoft Windows 10 Gold, Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0173, CVE-2017-0215, CVE-2017-0216, and CVE-2017-0218.
Posted: June 24, 2017, 5:04 am
Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8497.
Posted: June 24, 2017, 5:04 am
Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows improper disclosure of memory contents, aka "Windows Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0284, CVE-2017-0285, and CVE-2017-8534.
Posted: June 24, 2017, 5:04 am
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-0260, and CVE-2017-8506.
Posted: June 24, 2017, 5:04 am
Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for Business 2016, Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows, and Microsoft Silverlight 5 when installed on Microsoft Windows allows a remote code execution vulnerability due to the way it handles objects in memory, aka "Windows Uniscribe Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8528.
Posted: June 24, 2017, 5:04 am
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system when Microsoft Edge improperly handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8499, CVE-2017-8520, CVE-2017-8521, and CVE-2017-8549.
Posted: June 24, 2017, 5:04 am
Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows improper disclosure of memory contents, aka "Windows Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0282, CVE-2017-0285, and CVE-2017-8534.
Posted: June 24, 2017, 5:04 am
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, CVE-2017-8477, and CVE-2017-8484.
Posted: June 24, 2017, 5:04 am
Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, and Microsoft Office Word Viewer allows improper disclosure of memory contents, aka "Windows Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0282, CVE-2017-0284, and CVE-2017-8534.
Posted: June 24, 2017, 5:04 am
The kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.
Posted: June 24, 2017, 5:04 am
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to elevate privilege when tdx.sys fails to check the length of a buffer prior to copying memory to it, aka "Windows TDX Elevation of Privilege Vulnerability".
Posted: June 24, 2017, 5:04 am
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.
Posted: June 24, 2017, 5:04 am
The kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0299, CVE-2017-0300.
Posted: June 24, 2017, 5:04 am
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.
Posted: June 24, 2017, 5:04 am
A DCOM object in Helppane.exe in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016, when configured to run as the interactive user, allows an authenticated attacker to run arbitrary code in another user's session, aka "Windows COM Session Elevation of Privilege Vulnerability."
Posted: June 24, 2017, 5:04 am
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.
Posted: June 24, 2017, 5:04 am
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, and CVE-2017-0297.
Posted: June 24, 2017, 5:04 am
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.
Posted: June 24, 2017, 5:04 am
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0299, and CVE-2017-0297.
Posted: June 24, 2017, 5:04 am
Microsoft Edge in Windows 10 1607 and 1703, and Windows Server 2016 allows an attacker to read data not intended to be disclosed when Edge allows JavaScript XML DOM objects to detect installed browser extensions, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8504.
Posted: June 24, 2017, 5:04 am
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability when manipulating the ActionScript 2 XML class. Successful exploitation could lead to arbitrary code execution.
Posted: June 24, 2017, 5:04 am
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506.
Posted: June 24, 2017, 5:04 am
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the MPEG-4 AVC module. Successful exploitation could lead to arbitrary code execution.
Posted: June 24, 2017, 5:04 am
An information disclosure vulnerability exists when Microsoft SharePoint software fails to properly sanitize specially crafted requests, aka "Microsoft SharePoint Reflective XSS Vulnerability".
Posted: June 24, 2017, 5:04 am
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the PNG image parser. Successful exploitation could lead to arbitrary code execution.
Posted: June 24, 2017, 5:04 am
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when Microsoft Edge fails to correctly apply Same Origin Policy for HTML elements present in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8530 and CVE-2017-8555.
Posted: June 24, 2017, 5:04 am
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the Adobe Texture Format (ATF) module. Successful exploitation could lead to arbitrary code execution.
Posted: June 24, 2017, 5:04 am
An elevation of privilege vulnerability exists when Microsoft SharePoint software fails to properly sanitize specially crafted requests, aka "Microsoft SharePoint XSS vulnerability".
Posted: June 24, 2017, 5:04 am
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the internal representation of raster data. Successful exploitation could lead to arbitrary code execution.
Posted: June 24, 2017, 5:04 am
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.
Posted: June 24, 2017, 5:04 am
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability during internal computation caused by multiple display object mask manipulations. Successful exploitation could lead to arbitrary code execution.
Posted: June 24, 2017, 5:04 am
In Redgate SQL Monitor before 3.10 and 4.x before 4.2, a remote attacker can gain unauthenticated access to the Base Monitor, resulting in the ability to execute arbitrary SQL commands on any monitored Microsoft SQL Server machines. If the Base Monitor is connecting to these machines using an account with SQL admin privileges, then code execution on the operating system can result in full system compromise (if Microsoft SQL Server is running with local administrator privileges).
Posted: June 24, 2017, 5:04 am
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the LocaleID class. Successful exploitation could lead to arbitrary code execution.
Posted: June 24, 2017, 5:04 am
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8475, CVE-2017-8477, and CVE-2017-8484.
Posted: June 24, 2017, 5:04 am
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability in the Primetime SDK functionality related to the profile metadata of the media stream. Successful exploitation could lead to arbitrary code execution.
Posted: June 24, 2017, 5:04 am
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8477, and CVE-2017-8484.
Posted: June 24, 2017, 5:04 am
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability in the advertising metadata functionality. Successful exploitation could lead to arbitrary code execution.
Posted: June 24, 2017, 5:04 am
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, and CVE-2017-8484.
Posted: June 24, 2017, 5:04 am
Adobe Shockwave versions 12.2.8.198 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
Posted: June 24, 2017, 5:04 am
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.
Posted: June 24, 2017, 5:04 am
Adobe Captivate versions 9 and earlier have an information disclosure vulnerability resulting from abuse of the quiz reporting feature in Captivate.
Posted: June 24, 2017, 5:04 am
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.
Posted: June 24, 2017, 5:04 am
Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF runtime engine. Successful exploitation could lead to arbitrary code execution.
Posted: June 24, 2017, 5:04 am
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.
Posted: June 24, 2017, 5:04 am
Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF imaging model. Successful exploitation could lead to arbitrary code execution.
Posted: June 24, 2017, 5:04 am
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.
Posted: June 24, 2017, 5:04 am
Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. The vulnerability is due to unsafe library loading of browser related library extensions in the installer plugin. A successful exploitation could lead to arbitrary code execution.
Posted: June 24, 2017, 5:04 am
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.
Posted: June 24, 2017, 5:04 am
Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. The vulnerability is due to unsafe library loading of editor control library functions in the installer plugin. A successful exploitation could lead to arbitrary code execution.
Posted: June 24, 2017, 5:04 am
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.
Posted: June 24, 2017, 5:04 am
Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the bitmap representation module. Successful exploitation could lead to arbitrary code execution.
Posted: June 24, 2017, 5:04 am
Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a locally-authenticated attacker to run a specially crafted application on a targeted system when Windows Secure Kernel Mode fails to properly handle objects in memory, aka "Windows Elevation of Privilege Vulnerability".
Posted: June 24, 2017, 5:04 am
Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF processing engine. Successful exploitation could lead to arbitrary code execution.
Posted: June 24, 2017, 5:04 am
Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8496.
Posted: June 24, 2017, 5:04 am
Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF parsing engine. Successful exploitation could lead to arbitrary code execution.
Posted: June 24, 2017, 5:04 am
Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the Edge JavaScript scripting engine fails to handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8520, CVE-2017-8521, CVE-2017-8548, and CVE-2017-8549.
Posted: June 24, 2017, 5:04 am
Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the character code mapping module. Successful exploitation could lead to arbitrary code execution.
Posted: June 24, 2017, 5:04 am
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506.
Posted: June 24, 2017, 5:04 am
Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. The vulnerability is due to unsafe library loading functions in the installer plugin. A successful exploitation could lead to arbitrary code execution.
Posted: June 24, 2017, 5:04 am
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506.
Posted: June 24, 2017, 5:04 am
Adobe Captivate versions 9 and earlier have a remote code execution vulnerability in the quiz reporting feature that could be abused to read and write arbitrary files to the server.
Posted: June 24, 2017, 5:04 am
A remote code execution vulnerability exists in Microsoft PowerPoint when the software fails to properly handle objects in memory, aka "Microsoft PowerPoint Remote Code Execution Vulnerability".
Posted: June 24, 2017, 5:04 am
Cross Site Scripting (XSS) in IMG Tags in the ePO extension in McAfee Data Loss Prevention Endpoint (DLP Endpoint) 10.0.x allows authenticated users to inject arbitrary web script or HTML via injecting malicious JavaScript into a user's browsing session.
Posted: June 24, 2017, 5:04 am
Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an unauthenticated attacker to send a specially crafted kernel mode request to cause a denial of service on the target system, aka "Windows VAD Cloning Denial of Service Vulnerability".
Posted: June 24, 2017, 5:04 am
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.
Posted: June 24, 2017, 5:04 am
Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the Edge JavaScript scripting engine fails to handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8499, CVE-2017-8520, CVE-2017-8548, and CVE-2017-8549.
Posted: June 24, 2017, 5:04 am
Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows local users or remote attackers to execute arbitrary code via a crafted .LNK file, which is not properly handled during icon display in Windows Explorer or any other application that parses the icon of the shortcut, aka "LNK Remote Code Execution Vulnerability".
Posted: June 24, 2017, 5:04 am
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when Microsoft Edge does not properly enforce same-origin policies, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8523 and CVE-2017-8555.
Posted: June 24, 2017, 5:04 am
Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to run processes in an elevated context when the Windows kernel improperly handles objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This CVE ID is unique from CVE-2017-8468.
Posted: June 24, 2017, 5:04 am
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system when Microsoft Edge improperly handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8499, CVE-2017-8520, CVE-2017-8521, and CVE-2017-8548.
Posted: June 24, 2017, 5:04 am
Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to run processes in an elevated context when the Windows kernel improperly handles objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This CVE ID is unique from CVE-2017-8465.
Posted: June 24, 2017, 5:04 am
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to trick a user into loading a page with malicious content when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8523 and CVE-2017-8530.
Posted: June 24, 2017, 5:04 am
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8470, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, CVE-2017-8477, and CVE-2017-8484.
Posted: June 24, 2017, 5:04 am
Multiple vulnerabilities have been identified in Google Chrome, which could be exploited by attackers to cause the following impact(s): Denial of Service.
Posted: June 20, 2017, 12:00 am
Multiple vulnerabilities have been identified in Microsoft Products, which could be exploited by attackers to cause the following impact(s): Denial of Service; Elevation of Privilege; Remote Code Execution; Security Restriction Bypass; Information Disclosure; Spoofing; Data Manipulation. A proof of concept exploit code is publicly available. The vulnerability was reported being used in scattered attacks.
Posted: June 14, 2017, 12:00 am
Multiple vulnerabilities have been identified in Adobe Products, which could be exploited by attackers to cause the following impact(s): Elevation of Privilege; Remote Code Execution; Information Disclosure.
Posted: June 14, 2017, 12:00 am
Multiple vulnerabilities have been identified in Google Chrome, which could be exploited by attackers to cause the following impact(s): Remote Code Execution; Spoofing.
Posted: June 7, 2017, 12:00 am

Contact

Let's get to know each other!

SOLIT INFORMATION SECURITY

59, Route du Vin
L-6841 Machtum, Luxembourg

phone (+352) 2674 5983
fax (+352) 2674 5082
info@solit.lu

Contact person: Jörg Folz
