Again 4 new execution side-channel vulnerabilities were disclosed by Intel on May 14th. Each of them has its own name but collectively they are referred to as Microarchitectural Data Sampling (mds): CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM): part of RIDL CVE-2018-12126: Microarchitectural Store Buffer...
IMPORTANT: information provided is purely informative and has no legal value Update September 2nd 2019: inform your JAVA users they should not just install the latest update, which can easily be done by pressing “Install” or “Next” after the following window appears: It shows the user a...
Within Microsoft SQL Server databases, some fixed server-level roles are defined, providing a certain level of access and functionality. The role with the highest access and functionality is the SYSADMIN role. Only privileged users or administrators within the company are granted this role. Eddy Van Heghe,...
After the Spectre & Meltdown vulnerabilities (see https://monin-it.be/2018/01/17/meltdown-spectre-solution-linux-windows/) at the beginning of 2018, Intel now tackled 3 applications of another big vulnerability in their microcode: the L1 Terminal Fault (L1TF) vulnerabilities. All three applications of L1TF are speculative execution side-channel cache timing vulnerabilities: CVE-2018-3615: Affecting Intel Software...
Oracle just released a security alert and is urging users to patch their oracle database installations to plug a critical security issue (this one even got CVSS score 9.9/10, which is really high and shows the importance to patch). The vulnerability can result in a complete...
On October 19th 2016, a serious Linux kernel vulnerability named Dirty COW (CVE-2016-5195) was announced. This bug makes it possible for an unprivileged user to get write access to read-only memory mappings which lets them increase their privileges on the system.Checking the impact of this...