12/9: Today's Higher Risk Alerts

Four new "high risk" threats and a couple "important" ones.

High-Risk Vulnerability in Microsoft Office Project

Microsoft Project is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the affected application. More information can be found at this Symantec page.

High-Risk Vulnerability in Internet Explorer

Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks may cause denial-of-service conditions. More information can be found at this Symantec page.

Authentication Spoofing Vulnerability

Microsoft Windows Active Directory Federation Services (ADFS) is at high risk to an authentication-spoofing vulnerability affecting single sign-on (SSO) Web sites because it fails to properly implement session management. Successful exploits will allow attackers to authenticate to trusted servers by spoofing a legitimate user's credentials, which may aid in further attacks. More information can be found at this Symantec page.

Critical Vulnerabilities in Internet Authentication Service

These vulnerabilities could allow remote code execution if messages received by the Internet Authentication Service server are copied incorrectly into memory when handling PEAP authentication attempts. More information can be found at this Trend Micro page.

Windows Vulnerability Could Allow Denial of Service

This vulnerability could allow a denial of service if a remote, authenticated attacker, sends a specially crafted ISAKMP message to the Local Security Authority Subsystem Service (LSASS) on an affected system. More information can be found at this Trend Micro page.

Vulnerabilities in ADFS-Enabled Web Server

The more severe of these vulnerabilities could allow remote code execution if an attacker sent a specially crafted HTTP request to an ADFS-enabled Web server. More information can be found at this Trend Micro page.

Loading Comments...

Comment and Contribute

12/9: A Slew of Today's Alerts

By eSecurityPlanet Staff

December 09, 2009

A round-up of threat alerts from Sophos and Symantec.

» Read Article

12/9: Today's Higher Risk Alerts

Four new "high risk" threats and a couple "important" ones.

High-Risk Vulnerability in Microsoft Office Project

High-Risk Vulnerability in Internet Explorer

Authentication Spoofing Vulnerability

Critical Vulnerabilities in Internet Authentication Service

Windows Vulnerability Could Allow Denial of Service

Vulnerabilities in ADFS-Enabled Web Server

Loading Comments...

Related Articles

12/9: A Slew of Today's Alerts

Topic Centers

Articles by Type

Contact Us

More Security

12/9: Today's Higher Risk Alerts

Four new "high risk" threats and a couple "important" ones.

High-Risk Vulnerability in Microsoft Office Project

High-Risk Vulnerability in Internet Explorer

Authentication Spoofing Vulnerability

Critical Vulnerabilities in Internet Authentication Service

Windows Vulnerability Could Allow Denial of Service

Vulnerabilities in ADFS-Enabled Web Server

Loading Comments...

Related Articles

12/9: A Slew of Today's Alerts

Most Recent Alerts Articles

Topic Centers

Articles by Type

Contact Us

More Security