Security Archives

Zombieload, RIDL & Fallout and Store-to-Leak Forwarding vulnerabilities for Oracle Linux, Oracle VM and Microsoft Windows (collectively referred to as Microarchitectural Data Sampling (mds))

May 16, 2019Dries

Again 4 new execution side-channel vulnerabilities were disclosed by Intel on May 14th. Each of them has its own name but collectively they are referred as Microarchitectural Data Sampling (mds): CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM): part of RIDL CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS): part of Fallout CVE-2018-12127: Microarchitectural Load Port Data…

Do you suddenly need a payed subscription for using (Oracle) Java?

March 1, 2019Dries

Last update: March 15th 2019 The last few months, there was a lot to do about Java and the fact that future usage would only be allowed via subscription. But what is it all about? And do you really need to buy a subscription for Java? A bit of history From the beginning of Java,…

How-to make yourself a SYSADMIN “very easily” on Microsoft SQL Server (exploit)

October 10, 2018Dries

Within Microsoft SQL Server databases, some fixed server-level roles are defined, providing a certain level of access and functionality. The role with the highest access and functionality is the SYSADMIN role. Only privileged users or administrators within the company are granted this role. Eddy Van Heghe, one of our experienced Microsoft SQL DBA’s, discovered a…

L1TF Intel Processor vulnerabilities for Oracle Linux, Oracle VM and Microsoft Windows (Foreshadow)

August 16, 2018Dries

After the Spectre & Meltdown vulnerabilities (see https://monin-it.be/2018/01/17/meltdown-spectre-solution-linux-windows/) at the beginning of 2018, Intel now tackled 3 applications of another big vulnerability in their microcode: the L1 Terminal Fault (L1TF) vulnerabilities. All three applications of L1TF are speculative execution side channel cache timing vulnerabilities: CVE-2018-3615: Affecting Intel Software Guard Extensions (SGX): CVSS score 7.9/10 CVE-2018-3620:…

Urgently patch your Oracle database or get held hostage (CVE-2018-3110)!

August 16, 2018Dries

Oracle just released a security alert and is urging users to patch their oracle database installations to plug a critical security issue (this one even got CVSS score 9.9/10, which is really high and shows the importance to patch). The vulnerability can result in complete compromise of the Oracle Database and shell access to the…

A serious Linux kernel vulnerability (Dirty COW) was announced: learn how to patch without downtime!

October 25, 2016Dries

On October 19th 2016, a serious Linux kernel vulnerability named Dirty COW (CVE-2016-5195) was announced. This bug makes it possible for an unprivileged user to get write access to read-only memory mappings which lets them increase their privileges on the system. Checking the impact of this vulnerability, it’s really important to patch your Linux kernel…

Category: Security