Summary Our security partners are investigating multiple proof-of-concept exploits for CVE-2021-42287, a privilege escalation vulnerability associated with Active Directory Domain Services (AD DS). This vulnerability combined with a Security Account Manager (SAM) spoofing security bypass… More »
As posted previously there have been a number of vulnerabilities to Log4j services based on an update to CVE-2021-44228 – Vulnerability, has now had major developments regarding the Log4j vulnerability since our last advisory. This update… More »
Summary In the wake of the Log4Shell vulnerability - CVE-2021-44228, our support partner JISC have been monitoring network connectivity and looking for proactive ways to prevent exploitation. It is imperative to take into consideration the entire infrastructure when responding… More »
With Christmas nearly upon us (doesn’t it seem to come round quicker each year?), the hustle and bustle of nativities and Christmas songs being sang, as we edge closer to the end of term. To… More »
Summary This is an authentication bypass vulnerability in some specific application URLs that allows an attacker to gain access to an organisation’s data on the ServiceDesk Plus application. By manipulating one of these URLs from… More »
We are pleased to report the positive performance for the ESS services for the year ending October 2021. During the period a total of 798 tickets were reported to the desk, and the desk beat… More »
Summary On 22/11, security researcher Abdelhamid Naceri publicly disclosed a new zero-day vulnerability for “Windows Installer Elevation of Privilege”, which Microsoft had attempted to patch in November 2021, under CVE-2021-41379. The patch released by Microsoft… More »
update from our previous post – Microsoft vulnerability - Remote Code Execution (CVE-2021-40444) Summary On 21/11, two weeks after the patch for CVE-2021-42321 was released in MS Patch Tuesday, open-source reporting disclosed that a proof-of-concept exploit… More »
Through emPSN’s registrations with various security partners we receive information around the IP addresses on the emPSN network, including potential vulnerabilities. Third Party vulnerability data is taken from public reference sources, supplied on an as… More »