Here's a collection of recent security vulnerabilities and alerts, which covers the automatic installation of Windows Desktop Search on client PCs by WSUS in certain cases, and multiple vulnerabilities discovered in Computer Associate's BrightStor Hierarchical Storage Manager.
- WSUS independently installs Windows Desktop Search on client PCs
PCs in enterprise networks may, under some circumstances, install Microsoft's Desktop Search engine from a WSUS even though no consent has been given. The issue has been isolated to knowledge base number 917013, originally published on February 7 and triggered by a subsequent revision of this update.
YOu can read more about this at heise Security.
- Multiple vulnerabilities in CA BrightStor Hierarchical Storage Manager
Multiple vulnerabilities has been discovered in Computer Associate's BrightStor Hierarchical Storage Manager. A proof-of-concept has been released for one of the buffer overflow vulnerabilities.
A remote attacker may exploit these issues to execute arbitrary code with SYSTEM-level privileges. Successful exploits can result in a complete compromise of affected computers. Other attacks and failed exploit attempts may also cause denial-of-service conditions.
Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.