
Microsoft updates trust list after private key for Xbox Live leaks

Steve Ragan | Dec. 9, 2015
Private key for *.xboxlive.com disclosed.

In related news, Microsoft released 12 security bulletins on Tuesday, nine of them rated critical, which resolve 71 vulnerabilities.

One of the standout vulnerabilities is the one addressed by MS15-127, which fixes a flaw that could allow remote code execution if an attacker sends a specially crafted request to a DNS server.

Microsoft gives the flaw an exploitability rank of 2, meaning exploitation is less likely, but the company offers few details on the flaw itself other than to state that it's triggered by DNS requests. For organizations running a Microsoft DNS server exposed to the public, it might be worth including this patch alongside the other priority fixes this month, just to stay safe.

Rapid7's Adam Nowak also suggested MS15-124, MS15-125 and MS15-128 as bulletins to watch out for, as they address 33 vulnerabilities on their own.

"Since a wide range of products are affected this month almost all Microsoft users should be on alert. Microsoft's update addresses the vulnerabilities by resolving underlying issues with how certain functions in VBScript handle objects in memory, preventing cross site scripting (XSS) from incorrectly disabled HTML attributes, proper enforcement of content types and cross-domain policies," Nowak said.

Other patches released on Tuesday include fixes for more than 70 vulnerabilities from Adobe, and more than 50 from Apple on iOS, Safari, and Watch OS.

 
