Citrix XenServer multiple security updates

Today (November 13th 2012) Citrix has released a critical update for all of its XenServer products.

A number of security vulnerabilities have been identified in Citrix XenServer. These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including version 6.1.

The following denial of service vulnerabilities have been addressed:

  • Timer overflow DoS vulnerability (CVE-2012-4535)
  • pirq range check DoS vulnerability (CVE-2012-4536)
  • Memory mapping failure DoS vulnerability (CVE-2012-4537)
  • Unhooking empty PAE entries DoS vulnerability (CVE-2012-4538)
  • Grant table hypercall infinite loop DoS vulnerability (CVE-2012-4539)
  • XENMEM_add_to_physmap DoS vulnerability (CVE-2012-4557)

Internet Explorer Fix it available now – security update scheduled for Friday

Earlier this week, an issue impacting Internet Explorer affected a small number of customers.  The potential exists, however, that more customers could be affected.  As a result, today we have released a Fix it that is available to address that issue.  This is an easy, one-click solution that will help protect your computer right away.  It will not affect your ability to browse the web, and it does not require a reboot of your computer.

Then, on this Friday, Sept. 21, we will release a cumulative update for Internet Explorer through Windows Update and our other standard distribution channels.  We recommend that you install this update as soon as it is available. If you have automatic updates enabled on your PC, you won’t need to take any action – it will automatically be updated on your machine.  This will not only reinforce the issue that the Fix It addressed, but cover other issues as well.

Today’s Advance Notification Service (ANS) provides additional details about the update we are releasing on Friday – MS12-063. We are planning to release this bulletin as close to 10 a.m. PDT as possible. This cumulative update for Internet Explorer has an aggregate severity rating of Critical. It addresses the publicly disclosed issue described in Security Advisory 2757760 as well as four other Critical-class remote code execution issues.

Update on the DLL-preloading remote attack vector

Last week, we released Security Advisory 2269637 notifying customers of a publicly disclosed remote attack vector to a class of vulnerabilities affecting applications that load dynamic-link libraries (DLL’s) in an insecure manner. At that time, we also released a tool to help protect systems by disallowing unsafe DLL-loading behavior.