Telephone Scam About Printer Cartridges
Update: POODLE Vulnerability in SSLv3
CIS ADVISORY NUMBER: 2014-089 - Update
A vulnerability exists within the SSL version 3.0 protocol allowing an attacker to hijack and decrypt session cookies that are utilized between a user's web browser and the web site. Secure Sockets Layer (SSL) is a cryptographic protocol that is designed to provide secure network communication using X.509 certificates. This could lead to attackers temporarily impersonating web site visitor account logins and/or online payment systems.
- Any client or Web Server supporting SSLv3 protocol
- Large and medium government
ALERT: Microsoft Security Bulletins - October 2014
Microsoft Security Bulletin Summary for October 2014
US-CERT encourages users and administrators to review the bulletins and apply the necessary updates.
Primary Attack Vector: Specially crafted webpage
Publicly Disclosed: No
Assumptions: Some of these vulnerabilities would have to be used in conjunction with another vulnerability that allow remote code execution
Recommendations: Patch immediately after appropriate testing
Advisory Candidate: Yes