InfoSec News Summary 02/12/2016

Posted on February 12th, 2016

  • Microsoft Patch Tuesday Release (2/9/15): 13 bulletins with 6 being deemed critical in severity. None of the vulnerabilities have been exploited in the wild as of the patch tuesday bulletins release. Although one vulnerability stands out (MS16-013) as it affects all supported versions of Windows and can allow remote code execution if a user opens a specially crafted Journal file.
  • CVE-2016-1287 – Cisco ASA Unauthenticated IKEv1 IKEv2 Buffer: A recent vulnerability has been discovered affecting the Cisco ASA Adaptive Security Appliance. If the Cisco ASA device acts as a VPN it can allow for external communication to occur which could lead to exploitation from an unauthenticated adversary.