Cisco Blogs

Microsoft Patch Tuesday – October 2015

Microsoft’s Patch Tuesday has arrived. Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release is fairly light with a total of 6 bulletins released addressing 33 vulnerabilities. Half of the bulletins are rated “Critical” and address vulnerabilities in Internet Explorer, JScript/VBScript, and the Windows Shell. The other half of the bulletins are rated “Important” and address vulnerabilities in Edge, Office, and the Windows Kernel.

Bulletins Rated Critical

MS15-106, MS15-108, and MS15-109 are rated Critical in this month’s release.

MS15-106 is this month’s Internet Explorer security bulletin for versions 7 through 11. In total, 14 vulnerabilities were addressed, most of them memory corruption conditions that could allow arbitrary code execution. This bulletin also addresses 2 memory corruption flaws and 2 information disclosure flaws in the JScript/VBScript scripting engine for Internet Explorer versions 8 through 11 only. Users and organizations that currently use Internet Explorer 7 or who do not have Internet Explorer installed will need to install MS15-108 to address the vulnerabilities in the VBScript/JScript scripting engine.

Microsoft Internet Explorer Out of Band Advisory

Today an out of band advisory was released by Microsoft to address CVE-2015-2502. This vulnerability is addressed by MS15-093.

MS15-093 addresses a memory corruption vulnerability in Internet Explorer versions 7, 8, 9, 10, and 11. This affects all currently supported versions of Windows, including Windows 10.

This advisory is rated critical. An attacker can craft a web page designed to exploit this vulnerability and lure a user into visiting it. The compromise will result in remote code execution at the permission level of the affected user. The use of proper user access controls can limit the severity of the compromise.

As with most out of band releases, it has been reported that this vulnerability is being exploited in the wild. Users should patch immediately.

Talos Discovered Three More Vulnerabilities in Pidgin

This post was authored by Yves Younan and edited by Armin Pelkmann

Table of contents

CVE-2014-3697, VRT-2014-0205
CVE-2014-3696, VRT-2014-0204
CVE-2014-3695, VRT-2014-0203

Cisco Talos is announcing the discovery and patching of another three vulnerabilities in Pidgin, an open-source multi-platform instant messaging client. These vulnerabilities were discovered by our team and reported to the Pidgin team. They were found during our initial look at Pidgin, which resulted in the first 4 vulnerabilities released in January, but were reported to Pidgin a little later and took longer to get patched. Now that these vulnerabilities have been patched in the latest version of Pidgin, 2.10.10, we want to publicly disclose our findings.


The first vulnerability (CVE-2014-3697, VRT-2014-0205) is in the routines Pidgin uses to handle smiley and theme packages on Windows. These packages can be downloaded from websites and installed by dragging and dropping them onto Pidgin. The packages are TAR files, and Pidgin handles them by un-tarring the files to a specific directory.

Cloudburst: iOS 8 Generates 50% Increase in Network Traffic

Many network engineers recall the iOS7 update on September 18, 2013 as one of the most historic download days in their network’s history. That was all the more reason for those of us in the wireless world to anxiously anticipate the September 17 release of iOS8.

We asked a few of our customers to monitor the effect of the software release on their networks, and the results for the first two days are in. The education and healthcare spaces in particular are filled with early adopters of WiFi technology and devices who are eager to get their hands on the latest updates.

Joe Rogers, Associate Network Director at the University of South Florida, shared this picture with us from 1pm September 17th, showing 1 Gbps more traffic than he would normally see at this time of day:


Another customer, Greg Sawyer, Manager of Infrastructure Services, shared this picture of the iOS8 effect on his network at UNSW Australia.


He noted that his experience handling the release this year felt smoother than last year, despite the new peak internet download of 4.65 Gbps and 21Tb downloaded for the day! Not too surprising when considering that there were 27,000 concurrent connections on the wireless network and approximately 60% of those being Apple devices.

How should organizations be considering and handling these network spikes? I sat down with Cisco technical leaders Matt MacPherson and Chris Spain (@Spain_Chris) to get some insight on the effect of big updates like iOS8 on the wireless network. Here are some of the highlights of what we discussed:

The World We Live In

The truth is, more and more services are being moved to the cloud: a cloud that will push updates to millions, and in the future billions, of users and devices on our networks.

Cisco 2014 Midyear Security Report: Brush Your Teeth, Change Your Passwords, Update Your Software

Listening to the radio on the way to work recently, I heard that hackers had stolen some 1.2 billion usernames and passwords, affecting as many as 420,000 websites. When asked what listeners could do to protect themselves, the security expert speaking recommended changing passwords.

He did not mention which ones. Indeed, the compromised sites have not even been publicly named for fear of making the problem worse, so there is no way of knowing how to prioritize which passwords to change. Adding to my irritation, I had just changed several passwords in the wake of the Heartbleed/OpenSSL compromise a few months ago. Perhaps like you, I have more than 100 passwords. Changing them all is not really an option.
