Microsoft February Advance Notification

As usual, Microsoft has released their advance notification summary for patches expected to be released next Tuesday.

There are 7 bulletins addressing Remote Code Execution vulnerabilities, 4 being rated as critical.  Generally, the differntiator here has been the availability and ease of building exploit code.  That means that time may be a key factor in the escalation of those last 3 bulletins.  Prepare to patch these ASAP.

Bulletin ID Maximum Severity & Vulnerability Impact Restart Requirement Affected Software
Bulletin 1 Critical Remote Code Execution Requires restart Microsoft Windows
Bulletin 2 Critical Remote Code Execution Requires restart Microsoft Windows, Internet Explorer
Bulletin 3 Critical Remote Code Execution Requires restart Microsoft Windows
Bulletin 4 Critical Remote Code Execution May require restart Microsoft .NET Framework, Microsoft Silverlight
Bulletin 5 Important Elevation of Privilege Requires restart Microsoft Windows
Bulletin 6 Important Elevation of Privilege May require restart Microsoft Office, Microsoft Server Software
Bulletin 7 Important Remote Code Execution May require restart Microsoft Windows
Bulletin 8 Important Remote Code Execution May require restart Microsoft Windows
Bulletin 9 Important Remote Code Execution May require restart Microsoft Office

Foxconn Hacked

As if it wasn’t toxic enough out there, it looks like we have another group of hackers playing their little games on the Internet.  They claim that they are only in it for the thrill of destroying networks and impacting businesses.  Their claim to fame target?  Foxconn, the Asian firm that is under the microsocope after a NY Times article exposing dismal working conditions and recent deaths of employees.

The Swagg Security group has released information on both Foxconn and its clients, which include Microsoft and Apple, stolen during an attack on the company, through Pastebin and Pirate Bay posts.

“Now as a first impression Swagg Security would rather not deceive the public of our intentions.  Although we are considerably disappointed of the conditions of Foxconn, we are not hacking a corporation for such a reason and although we are slightly interested in the existence of an iPhone 5, we are not hacking for this reason.  We hack for the cyberspace who share a few common viewpoints and philosophies. We enjoy exposing governments and corporations, but the more prominent reason, is the hilarity that ensues when compromising and destroying an infrastructure”.

The information released contains contact details of a number of Foxconn’s global sales managers, usernames, IP addresses, credentials, and a list of clients’ purchases.