Microsoft Bulletin Advance Notification for July, 2014

Microsoft has released [1] an advance notification for the july patchday. This month, 6 security bulletins are being published: 2 rated as critical allowing remote code execution in Internet Explorer and Windows 3 rated as important allowing elevation of privilege […]

OpenSSL: The Bleeding Continues take #2

Following our blog post “OpenSSL: the bleeding continues“, published on June 5th, CERT-LEXSI performed a deeper analysis of vulnerability CVE-2014-0195. As a reminder, CVE-2014-0195 is a potential code execution vulnerability due to a heap-based buffer overflow in the “dtls1_reassemble_fragment()” function […]

OpenSSL: the bleeding continues

Two new critical vulnerabilities on OpenSSL, that’s not yet doomsday but for those of you with specific configuration (DTLS with OpenSSL on the server and client side) you might be impacted. It isn’t so long ago that OpenSLL was on […]