Shadow Broker’s April 2017 Release

Update - April 15, 2017 Microsoft has evaluated the exploits released by the Shadow Brokers and confirmed that the exploits previously through to be “zero-days” were patched last month with the release of MS17- 010. Kudelski Security highly recommends that clients apply the patches included in MS17-010 as soon as possible to ensure they are … Continue reading Shadow Broker’s April 2017 Release

Microsoft Office HTA Handler Vulnerability (CVE-2017-0199)

This past Friday Cisco publicly disclosed a software vulnerability in the  Cisco Cluster Management Protocol in Cisco IOS and Cisco IOS XE software.  The following is our action report for clients utilizing Cisco devices. Summary CVE-2017-3881 is a critical vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE software […]

Responding to the Cisco CMP Vulnerability

This past Friday Cisco publicly disclosed a software vulnerability in the  Cisco Cluster Management Protocol in Cisco IOS and Cisco IOS XE software.  The following is our action report for clients utilizing Cisco devices. Summary CVE-2017-3881 is a critical vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE software … Continue reading Responding to the Cisco CMP Vulnerability

Responding to Ticketbleed

Today Cloudflare publicly disclosed a software vulnerability in the F5 BIG-IP appliance. The following is our action report for clients utilizing the BIG-IP appliance.  It is worth noting that this only impacts appliances running the non-default Session Tickets option. Summary Ticketbleed is a high severity software vulnerability in the TLS stack of F5 BIG-IP appliances allowing a … Continue reading Responding to Ticketbleed