MSI :: State of Security

Insight from the Information Security Experts

Heads Up, ICS & SCADA Folks, Especially!

Posted on December 19, 2014 by Brent Huston

Remotely exploitable vulnerabilities have been identified & published in NTP (network time protocol). This is often a CRITICAL protocol/instance for ICS environments and can be widely located in many control networks.

The fix currently appears to be an upgrade to 4.2.8 or later.

This should be considered a HIGH PRIORITY for critical infrastructure networks. Exploits are expected as this is an unauthenticated remotely triggered buffer overflow, which should be easily implemented into existing exploit kits.

Please let us know if we can assist you in any way. Stay safe out there!

Update: 12/19/14 2pm Eastern – According to this article, exploits are now publicly available.

WMWare ESX Multiple Vulns, Novell iPrint Remote Code

Posted on February 22, 2008 by Nathan Grandbois

VMWare ESX is vulnerable to multiple issues, including the bypassing of security restrictions, system compromise, denial of service, and the disclosure of sensitive information. Currently, VMWare ESX 2.x and 3.x are vulnerable. VMWare has released a patch for this issue, available from www.vmware.com.
Novell iPrint Client is vulnerable to remote exploitation. The vulnerability lies in the active control ienipp.ocx and can be exploited remotely to cause a stack based buffer overflow. This has been confirmed in version 4.26 and 4.32. Novell recommends all users update to version 4.34.