The number of vulnerabilities this week isn’t as large as last week, but the impact is certainly much larger. Leading off is the vulnerability used to break into Google’s internal systems, as well as those at more than 30 other Fortune 500 companies. Also included is a link from SANS on what appears to be a working exploit that bypasses DEP in Internet Explorer 8. It now appears that Microsoft will be releasing an out-of-band patch for this one. Second, also from an ISC post, is a new escalation of privilege vulnerability in Windows which abuses the support for 16-bit applications. Apple released their first security update of the new year, and a new version of MIT’s Kerberos is available to fix an integer underflow vulnerability. The last two are a little more physical: one is a flaw in the ZigBee stack used in many smart grid applications, and the second is a great post from Krebs On Security on ATM skimmers.
- Microsoft: Internet Explorer Remote Code Execution (now with DEP bypass goodness)
- Microsoft: Windows Privilege Escalation
- Apple: Mac OS X security update
- MIT: Kerberos 5 patch available
- Texas Instruments: Z-Stack ZigBee radio module vulnerability
- Krebs on Security: Would you have spotted the fraud?
Blog post by: David Shpritz