EISO Cyber Security Advisories

The following cyber advisory was issued by the New York State Office of Information Technology Services and is intended for State government entities. The information may or may not be applicable to the general public and, accordingly, the State does not warrant its use for any specific purposes

2013 | Archives | RSS feed RSS

2014 Cyber Advisories

December 2014

  1. #2014-113 » tuesday, december 09, 2014
    Multiple Vulnerabilities in Adobe Reader and Adobe Acrobat Could Allow Remote Code Execution (APSB14-28)

  2. #2014-112 » tuesday, december 09, 2014
    Multiple Vulnerabilities in Adobe Flash Player Could Allow Remote Code Execution (APSB14-27)

  3. #2014-111 » tuesday, december 09, 2014
    Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (MS14-084)

  4. #2014-110 » tuesday, december 09, 2014
    Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (MS14-083)

  5. #2014-109 » tuesday, december 09, 2014
    Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (MS14-082)

  6. #2014-108 » tuesday, december 09, 2014
    Vulnerabilities in Microsoft Word and Microsoft Office Web Apps Could Allow Remote Code Execution (MS14-081)

  7. #2014-107 » tuesday, december 09, 2014
    Cumulative Security Update for Internet Explorer (MS14-080)

  8. #2014-106 » friday, december 05, 2014
    Multiple Vulnerabilities in WordPress Download Manager Plugin Could Allow Remote Code Execution

  9. #2014-105 » thursday, december 04, 2014
    Multiple Vulnerabilities in WebKit Could Allow for Remote Code Execution

  10. #2014-104 » tuesday, december 02, 2014
    Multiple Vulnerabilities in Mozilla Firefox and Thunderbird Could Allow for Remote Code Execution

  11. #2014-103 » monday, december 01, 2014
    Multiple Security Vulnerabilities Reported in Siemens SIMATIC WinCC

November 2014

  1. #2014-102 » wednesday, november 26, 2014
    Vulnerability found in Adobe Flash Player Could Allow Remote Code Execution (APSB14-26)

  2. #2014-101 » monday, november 24, 2014
    Multiple Vulnerabilities in WordPress Content Management System

  3. #2014-100 » monday, november 24, 2014
    Multiple vulnerabilities in Drupal Core could allow Unauthorized Access (DRUPAL-SA-CORE-2014-006)

  4. #2014-099 » tuesday, november 18, 2014
    Multiple Vulnerabilities in Google Chrome Could Allow for Remote Code Execution

  5. #2014-098 » tuesday, november 11, 2014
    Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (MS14-069)

  6. #2014-097 » tuesday, november 11, 2014
    Vulnerability in XML Core Services Could Allow Remote Code Execution (MS14-067)

  7. #2014-096 » tuesday, november 11, 2014
    Vulnerability in Schannel Could Allow Remote Code Execution (MS14-066)

  8. #2014-095 » tuesday, november 11, 2014
    Cumulative Security Update for Internet Explorer (MS14-065)

  9. #2014-094 » tuesday, november 11, 2014
    Vulnerabilities in Windows OLE Could Allow Remote Code Execution (MS14-064)

  10. #2014-093 » tuesday, november 11, 2014
    Security updates available for Adobe Flash Player (APSB14-24)

October 2014

  1. #2014-092 » friday, october 17, 2014
    Vulnerability in SSLv3 Could Allow Information Disclosure

  2. #2014-091 » thursday, october 16, 2014
    SQL Injection Vulnerability in Drupal could allow for Remote Code Execution

  3. #2014-090 » tuesday, october 14, 2014
    Vulnerability in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (MS14-061)

  4. #2014-089 » tuesday, october 14, 2014
    Vulnerability in Windows OLE Could Allow Remote Code Execution (MS14-060)

  5. #2014-088 » tuesday, october 14, 2014
    Vulnerabilities in Kernel-Mode Driver Could Allow Remote Code Execution (MS14-058)

  6. #2014-087 » tuesday, october 14, 2014
    Vulnerabilities in .NET Framework Could Allow Remote Code Execution (MS14-057)

  7. #2014-086 » tuesday, october 14, 2014
    Cumulative Security Update for Internet Explorer (MS14-056)

  8. #2014-085 » tuesday, october 14, 2014
    Multiple Vulnerabilities in Mozilla Firefox and Thunderbird Could Allow for Remote Code Execution

  9. #2014-084 » thursday, october 09, 2014
    Multiple Vulnerabilities in Google Chrome Could Allow for Remote Code Execution

September 2014

  1. #2014-083 Updated » thursday, september 25, 2014
    Critical Bourne Again SHell (BASH) Vulnerability Allows for Remote Code Execution

  2. #2014-083 » thursday, september 25, 2014
    Critical Bourne Again SHell (BASH) Vulnerability Allows for Remote Code Execution

  3. #2014-082 » thursday, september 18, 2014
    Multiple Vulnerabilities in Apple Mac OS X

  4. #2014-081 » thursday, september 18, 2014
    Multiple Vulnerabilities in AppleiOS Prior to iOS 8 and TV Prior to TV 7

  5. #2014-080 » thursday, september 18, 2014
    Vulnerabilities in Adobe Reader and Acrobat Could Allow For Remote Code Execution (APSB14-20)

  6. #2014-079 » thursday, september 11, 2014
    Multiple Vulnerabilities in Google Chrome Could Allow for Remote Code Execution

  7. #2014-078 » tuesday, september 09, 2014
    Cumulative Security Update for Internet Explorer (MS14-052)

  8. #2014-077 » tuesday, september 09, 2014
    Security updates available for Adobe Flash Player (APSB14-21)

  9. #2014-076 » tuesday, september 09, 2014
    Multiple Vulnerabilities Discovered in IBM Security Network Intrusion Prevention System Sensors

  10. #2014-075 » friday, september 05, 2014
    Multiple Vulnerabilities in Mozilla Firefox and Thunderbird Could Allow for Remote Code Execution

  11. #2014-074 » thursday, september 04, 2014
    Vulnerability in Multiple F5 products could allow for Remote code execution

August 2014

  1. #2014-073 » tuesday, august 26, 2014
    Multiple Vulnerabilities in Google Chrome Could Allow for Remote Code Execution

  2. #2014-072 » tuesday, august 26, 2014
    Vulnerability in Slider Revolution Responsive plugin for WordPress Could Allow for Arbitrary-File Download

  3. #2014-071 » friday, august 15, 2014
    Multiple Vulnerabilities in WebKit Could Allow for Remote Code Execution

  4. #2014-070 » wednesday, august 13, 2014
    Multiple Vulnerabilities in Google Chrome Could Allow for Remote Code Execution

  5. #2014-069 » tuesday, august 12, 2014
    Cumulative Security Update for Internet Explorer (MS14-051)

  6. #2014-068 » tuesday, august 12, 2014
    Vulnerability in Windows Media Center Could Allow Remote Code Execution (MS14-043)

  7. #2014-067 » tuesday, august 12, 2014
    Security Updates available for Adobe Reader and Acrobat (APSB14-19)

  8. #2014-066 » tuesday, august 12, 2014
    Security updates available for Adobe Flash Player (APSB14-18)

  9. #2014-065 » tuesday, august 12, 2014
    Multiple Vulnerabilities in Mozilla Firefox and Thunderbird Could Allow Remote Code Execution

July 2014

  1. #2014-064 » tuesday, july 29, 2014
    Multiple Security Vulnerabilities Reported in Siemens SIMATIC WinCC

  2. #2014-063 » tuesday, july 08, 2014
    Vulnerability in Windows Journal Could Allow Remote Code Execution (MS14-038)

  3. #2014-062 » tuesday, july 08, 2014
    Cumulative Security Update for Internet Explorer (MS14-037)

  4. #2014-061 » tuesday, july 08, 2014
    Multiple Vulnerabilities in Adobe Flash Player Could Allow Remote Code Execution (APSB14-17)

  5. #2014-060 » wednesday, july 02, 2014
    Multiple Vulnerabilities in Apple Mac OS X, Apple Safari and Apple iOS Could Allow for Local or Remote Code Execution

June 2014

  1. #2014-059 » friday, june 20, 2014
    Multiple Vulnerabilities in Oracle Database Could Allow Remote Code Execution

  2. #2014-058 » wednesday, june 18, 2014
    Multiple Vulnerabilities in Google Chrome Could Allow Remote Code Execution

  3. #2014-057 » tuesday, june 10, 2014
    Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution (2967487)

  4. #2014-056 » tuesday, june 10, 2014
    Cumulative Security Update for Internet Explorer (MS14-035)

  5. #2014-055 » tuesday, june 10, 2014
    Vulnerability in Microsoft Word Could Allow Remote Code Execution (2969261)

  6. #2014-054 » tuesday, june 10, 2014
    Vulnerability in Microsoft Lync Server Could Allow Information Disclosure

  7. #2014-053 » tuesday, june 10, 2014
    Multiple Vulnerabilities in Mozilla Products Could Allow Remote Code Execution

  8. #2014-052 » tuesday, june 10, 2014
    Multiple Vulnerabilities in Adobe Flash Player Could Allow Remote Code Execution (APSB14-16)

  9. #2014-049 Updated » tuesday, june 10, 2014
    Vulnerability in Internet Explorer 8 Could Allow Remote Code Execution

  10. #2014-051 » thursday, june 05, 2014
    Multiple Vulnerabilities in OpenSSL Could Allow Remote Code Execution

May 2014

  1. #2014-050 » friday, may 30, 2014
    Vulnerabilities in Oracle Reports Developer could allow remote code execution

  2. #2014-049 » tuesday, may 27, 2014
    Vulnerability in Internet Explorer 8 Could Allow Remote Code Execution

  3. #2014-048 » wednesday, may 21, 2014
    Multiple Vulnerabilities in Google Chrome Could Allow Remote Code Execution

  4. #2014-047 » wednesday, may 14, 2014
    Multiple Vulnerabilities in Google Chrome Could Allow Remote Code Execution

  5. #2014-046 » wednesday, may 14, 2014
    Vulnerability in Adobe Flash Player Could Allow Remote Code Execution (APSB14-14)

  6. #2014-045 » wednesday, may 14, 2014
    Security Update for Internet Explorer (MS14-029)

  7. #2014-044 » tuesday, may 13, 2014
    Vulnerabilities in Adobe Reader and Acrobat Could Allow For Remote Code Execution (APSB14-15)

  8. #2014-043 » thursday, may 01, 2014
    Multiple Vulnerabilities in Cisco Telepresence TC and TE Software

  9. #2014-039 Updated » thursday, may 01, 2014
    Vulnerability in Internet Explorer Could Allow Remote Code Execution

April 2014

  1. #2014-042 » wednesday, april 30, 2014
    Multiple Vulnerabilities in Mozilla Products Could Allow Remote Code Execution

  2. #2014-041 » monday, april 28, 2014
    Vulnerability in Adobe Flash Player Could Allow Remote Code Execution (APSB14-13)

  3. #2014-040 » monday, april 28, 2014
    Multiple Vulnerabilities in Google Chrome Could Allow Remote Code Execution

  4. #2014-039 » monday, april 28, 2014
    Vulnerability in Internet Explorer Could Allow Remote Code Execution

  5. #2014-038 » friday, april 25, 2014
    Vulnerability in Apache Struts Could Allow Remote Code Execution

  6. #2014-037 » wednesday, april 23, 2014
    Multiple Vulnerabilities in Apple Mac OS X and Apple Safari Could Allow Remote Code Execution

  7. #2014-036 » monday, april 14, 2014
    Multiple Vulnerabilities Discovered in WordPress Content Management System

  8. #2014-029 - Updated » thursday, april 10, 2014
    OpenSSL TLS 'heartbeat' Extension Information Disclosure Vulnerability

  9. #2014-035 » wednesday, april 09, 2014
    Multiple Vulnerabilities in Google Chrome Could Allow Remote Code Execution

  10. #2014-034 » tuesday, april 08, 2014
    Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (2950145)

  11. #2014-033 » tuesday, april 08, 2014
    Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (MS14-019)

  12. #2014-032 » tuesday, april 08, 2014
    Cumulative Security Update for Internet Explorer (MS14-018)

  13. #2014-031 » tuesday, april 08, 2014
    Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (MS14-017)

  14. #2014-030 » tuesday, april 08, 2014
    Multiple Vulnerabilities in Adobe Flash Player Could Allow Remote Code Execution (APSB14-09)

  15. #2014-029 » tuesday, april 08, 2014
    OpenSSL TLS 'heartbeat' Extension Information Disclosure Vulnerability

  16. #2014-028 Updated » tuesday, april 08, 2014
    Vulnerability in Microsoft Word Could Allow Remote Code Execution

March 2014

  1. #2014-028 » monday, march 24, 2014
    Vulnerability in Microsoft Word Could Allow Remote Code Execution

  2. #2014-027 » wednesday, march 19, 2014
    Multiple Vulnerabilities in Mozilla Products Could Allow Remote Code Execution

  3. #2014-026 » monday, march 17, 2014
    Multiple Vulnerabilities in Google Chrome Could Allow Remote Code Execution

  4. #2014-025 » thursday, march 13, 2014
    Vulnerability in Adobe Shockwave Player Could Allow for Remote Code Execution (APSB14-10)

  5. #2014-024 » wednesday, march 12, 2014
    Multiple Vulnerabilities in Google Chrome Could Allow Remote Code Execution

  6. #2014-023 » tuesday, march 11, 2014
    Vulnerability in Microsoft Silverlight Could Allow For Security Feature Bypass (MS14-014)

  7. #2014-022 » tuesday, march 11, 2014
    Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (MS14-013)

  8. #2014-021 » tuesday, march 11, 2014
    Cumulative Security Update for Internet Explorer (MS14-012)

  9. #2014-020 » tuesday, march 11, 2014
    Multiple Vulnerabilities in Adobe Flash Player Could Allow Remote Code Execution (APSB14-08)

  10. #2014-014 Updated » tuesday, march 11, 2014
    Zero Day Vulnerability in Internet Explorer Could Allow Remote Code Execution

  11. #2014-019 » tuesday, march 04, 2014
    Multiple Vulnerabilities in Google Chrome Could Allow Remote Code Execution

February 2014

  1. #2014-018 » wednesday, february 26, 2014
    Multiple Vulnerabilities in Apple QuickTime Could Allow Remote Code Execution

  2. #2014-017 » wednesday, february 26, 2014
    Multiple Vulnerabilities in Apple Mac OS X Could Allow Remote Code Execution

  3. #2014-016 » thursday, february 20, 2014
    Multiple Vulnerabilities in Google Chrome Could Allow Remote Code Execution

  4. #2014-015 » thursday, february 20, 2014
    Multiple Vulnerabilities in Adobe Flash Player Could Allow Remote Code Execution (APSB14-07)

  5. #2014-014 Updated » thursday, february 20, 2014
    Zero Day Vulnerability in Internet Explorer Could Allow Remote Code Execution

  6. #2014-014 » friday, february 14, 2014
    Zero Day Vulnerability in Internet Explorer Could Allow Remote Code Execution

  7. #2014-013 » tuesday, february 11, 2014
    Security Update Available for Adobe Shockwave Player (APSB14-06)

  8. #2014-012 » tuesday, february 11, 2014
    Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (2928390)

  9. #2014-011 » tuesday, february 11, 2014
    Cumulative Security Update for Internet Explorer (MS14-010)

  10. #2014-010 » tuesday, february 11, 2014
    Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (MS14-009)

  11. #2014-009 » tuesday, february 11, 2014
    Vulnerability in Microsoft Forefront Protection for Exchange Could Allow Remote Code Execution (2927022)

  12. #2014-008 » tuesday, february 11, 2014
    Vulnerability in Direct2D Could Allow Remote Code Execution (2912390)

  13. #2014-007 » tuesday, february 04, 2014
    Multiple Vulnerabilities in Mozilla Products Could Allow Remote Code Execution

  14. #2014-006 » tuesday, february 04, 2014
    Vulnerability in Adobe Flash Player Could Allow Remote Code Execution (APSB14-04)

January 2014

  1. #2014-005 » tuesday, january 28, 2014
    Multiple Vulnerabilities in Google Chrome Could Allow Remote Code Execution

  2. #2014-004 » tuesday, january 14, 2014
    Multiple Vulnerabilities in Google Chrome Could Allow Remote Code Execution

  3. #2014-003 » tuesday, january 14, 2014
    Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2916605)

  4. #2014-002 » tuesday, january 14, 2014
    Security Updates Available for Adobe Flash Player

  5. #2014-001 » tuesday, january 14, 2014
    Vulnerabilities in Adobe Reader and Acrobat Could Allow For Remote Code Execution (APSB14-01)

2013 Cyber Advisories

December 2013

  1. #2013-121 » tuesday, december 10, 2013
    Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (MS13-105)

  2. #2013-120 » tuesday, december 10, 2013
    Vulnerability in Microsoft Office Could Allow Information Disclosure (2909976)

  3. #2013-119 » tuesday, december 10, 2013
    Vulnerability in Microsoft Scripting Runtime Object Library Could Allow Remote Code Execution (2909158)

  4. #2013-118 » tuesday, december 10, 2013
    Vulnerability in Windows Could Allow Remote Code Execution (2893294)

  5. #2013-117 » tuesday, december 10, 2013
    Cumulative Security Update for Internet Explorer (MS13-097)

  6. #2013-116 » tuesday, december 10, 2013
    Multiple Vulnerabilities in Mozilla Products Could Allow Remote Code Execution

  7. #2013-115 » tuesday, december 10, 2013
    Security Update Available for Adobe Shockwave Player

  8. #2013-114 » tuesday, december 10, 2013
    Multiple Vulnerabilities in Adobe Flash Player Could Allow Remote Code Execution

  9. #2013-104 - Updated » tuesday, december 10, 2013
    Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution

  10. #2013-113 » thursday, december 05, 2013
    Multiple Vulnerabilities in Google Chrome Could Allow Remote Code Execution

November 2013

  1. #2013-112 » friday, november 15, 2013
    Vulnerabilities in Google Chrome Could Allow Remote Code Execution

  2. #2013-111 » wednesday, november 13, 2013
    Vulnerabilities found in Adobe ColdFusion

  3. #2013-110 » wednesday, november 13, 2013
    Cumulative Google Chrome Updates

  4. #2013-109 » tuesday, november 12, 2013
    Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2885093)

  5. #2013-108 » tuesday, november 12, 2013
    Cumulative Security Update of ActiveX Kill Bits (MS13-090)

  6. #2013-107 » tuesday, november 12, 2013
    Vulnerability in Windows Graphics Device Interface Could Allow Remote Code Execution (MS13-089)

  7. #2013-106 » tuesday, november 12, 2013
    Cumulative Security Update for Internet Explorer (MS13-088)

  8. #2013-105 » tuesday, november 12, 2013
    Multiple Vulnerabilities in Adobe Flash Player and Adobe AIR Could Allow Remote Code Execution

  9. #2013-104 » wednesday, november 06, 2013
    Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution

October 2013

  1. #2013-103 » thursday, october 31, 2013
    Multiple Vulnerabilities in Mozilla Products Could Allow Remote Code Execution

  2. #2013-102 » friday, october 25, 2013
    Multiple Vulnerabilities in Apple Mac OS X Could Allow Remote Code Execution

  3. #2013-101 » wednesday, october 16, 2013
    Multiple Security Vulnerabilities reported in Google Chrome

  4. #2013-094 - Updated » wednesday, october 16, 2013
    Cumulative Security Update for Internet Explorer (MS13-080)

  5. #2013-100 » tuesday, october 08, 2013
    Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (MS13-086)

  6. #2013-099 » tuesday, october 08, 2013
    Multiple Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (MS013-085)

  7. #2013-098 » tuesday, october 08, 2013
    Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2885089)

  8. #2013-097 » tuesday, october 08, 2013
    Vulnerability in Windows Common Control Library Could Allow Remote Code Execution (MS13-083)

  9. #2013-096 » tuesday, october 08, 2013
    Vulnerabilities in .NET Framework Could Allow Remote Code Execution (MS13-082)

  10. #2013-095 » tuesday, october 08, 2013
    Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (MS13-081)

  11. #2013-094 » tuesday, october 08, 2013
    Cumulative Security Update for Internet Explorer (MS13-080)

  12. #2013-093 » tuesday, october 08, 2013
    Vulnerability in Adobe Reader and Acrobat Could Allow For Remote Code Execution (APSB13-25)

  13. #2013-091 Updated » tuesday, october 08, 2013
    A vulnerability in Internet Explorer Could Allow Remote Code Execution (288705)

September 2013

  1. #2013-092 » monday, september 23, 2013
    Vulnerabilities in Apache Struts Could Allow Remote Code Execution

  2. #2013-091 » wednesday, september 18, 2013
    A vulnerability in Internet Explorer Could Allow Remote Code Execution (288705)

  3. #2013-090 » wednesday, september 18, 2013
    Multiple Security Vulnerabilities Reported in Mozilla Products

  4. #2013-089 » friday, september 13, 2013
    Multiple Vulnerabilities in Apple Mac OS X Could Allow Remote Code Execution

  5. #2013-088 » friday, september 13, 2013
    Vulnerability in WordPress Content Management System Could Allow Remote Code Execution

  6. #2013-087 » tuesday, september 10, 2013
    Vulnerabilities in Adobe Reader and Acrobat could allow Remote Code Execution (APSB13-22)

  7. #2013-086 » tuesday, september 10, 2013
    A Vulnerability in Adobe Flash Player Could Allow for Remote Code Execution

  8. #2013-085 » tuesday, september 10, 2013
    Multiple Vulnerabilities in Microsoft Access Could Allow Remote Code Execution (MS13-074)

  9. #2013-084 » tuesday, september 10, 2013
    Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution(MS13 -073)

  10. #2013-083 » tuesday, september 10, 2013
    Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2845537)

  11. #2013-082 » tuesday, september 10, 2013
    Vulnerability in Windows Theme File Could Allow Remote Code Execution (MS13-071)

  12. #2013-081 » tuesday, september 10, 2013
    Vulnerability in OLE Could Allow Remote Code Execution (MS13-070)

  13. #2013-080 » tuesday, september 10, 2013
    Multiple Vulnerabilities in Internet Explorer Could Allow Remote Code Execution (MS13-059)

  14. #2013-079 » tuesday, september 10, 2013
    Vulnerability in Microsoft Office Outlook Could Allow Remote Code Execution (2756473)

  15. #2013-078 » tuesday, september 10, 2013
    Multiple Vulnerabilities found in Microsoft SharePoint Server (MS13-067)

  16. #2013-077 » tuesday, september 10, 2013
    Vulnerabilities in Adobe Shockwave Player could allow Remote Code Execution

August 2013

  1. #2013-076 » wednesday, august 21, 2013
    Multiple Security Vulnerabilities Reported in Google Chrome

  2. #2013-074 - Updated » friday, august 16, 2013
    Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (MS13-061)

  3. #2013-075 » tuesday, august 13, 2013
    Vulnerability in Remote Procedure Call Could Allow Remote Code Execution (MS13-062)

  4. #2013-074 » tuesday, august 13, 2013
    Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (MS13-061)

  5. #2013-073 » tuesday, august 13, 2013
    Vulnerability in Unicode Scripts Processor could allow Remote Code Execution (2850869)

  6. #2013-072 » tuesday, august 13, 2013
    Multiple Vulnerabilities in Internet Explorer Could Allow Remote Code Execution (MS13-059)

  7. #2013-071 » wednesday, august 07, 2013
    Multiple Vulnerabilities in Mozilla Products Could Allow Remote Code Execution

  8. #2013-070 » monday, august 05, 2013
    Joomla CMS is Vulnerable to Arbitrary File Upload

July 2013

  1. #2013-069 » tuesday, july 30, 2013
    Multiple Security Vulnerabilities reported in Google Chrome

  2. #2013-068 » wednesday, july 10, 2013
    Multiple Security Vulnerabilities reported in Google Chrome

  3. #2013-067 » tuesday, july 09, 2013
    Vulnerability in Windows Media Format Runtime Could Allow Remote Code Execution (2847883)

  4. #2013-066 » tuesday, july 09, 2013
    Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (2845187)

  5. #2013-065 » tuesday, july 09, 2013
    Vulnerability in GDI+ Could Allow Remote Code Execution (MS13-054)

  6. #2013-064 » tuesday, july 09, 2013
    Vulnerabilities in .NET Framework and Silverlight Could Allow Remote Code Execution (2861561)

  7. #2013-063 » tuesday, july 09, 2013
    Multiple Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2850851)

  8. #2013-062 » tuesday, july 09, 2013
    Cumulative Security Update for Internet Explorer (MS13-055)

  9. #2013-061 » tuesday, july 09, 2013
    Vulnerability in Adobe Shockwave Player could allow Remote Code Execution

  10. #2013-060 » tuesday, july 09, 2013
    Multiple Vulnerabilities in Adobe Flash Player Could Allow Remote Code Execution

June 2013

  1. #2013-059 » wednesday, june 26, 2013
    Multiple Vulnerabilities in Mozilla Products Could Allow Remote Code Execution

  2. #2013-058 » tuesday, june 11, 2013
    Vulnerability in Microsoft Office Could Allow Remote Code Execution (MS13-051)

  3. #2013-057 » tuesday, june 11, 2013
    Cumulative Security Update for Internet Explorer (MS13-047)

  4. #2013-056 » tuesday, june 11, 2013
    A Vulnerability in Adobe Flash Player Could Allow for Remote Code Execution

  5. #2013-055 » wednesday, june 05, 2013
    Multiple Vulnerabilities in Apple Mac OS X could allow Remote Code Execution

  6. #2013-054 » wednesday, june 05, 2013
    Multiple Google Chrome Vulnerabilities Could Allow for Remote Code Execution

May 2013

  1. #2013-053 » thursday, may 23, 2013
    Multiple Vulnerabilities in Apple QuickTime Could Allow Remote Code Execution

  2. #2013-052 » thursday, may 23, 2013
    Multiple Google Chrome Vulnerabilities Could Allow for Remote Code Execution

  3. #2013-051 » wednesday, may 15, 2013
    Multiple Vulnerabilities in Mozilla Products Could Allow Remote Code Execution

  4. #2013-044 - Updated » wednesday, may 15, 2013
    Vulnerability in Adobe ColdFusion Allows Unauthorized File Access (APSA13-03)

  5. #2013-050 » tuesday, may 14, 2013
    Vulnerability in Microsoft Word Could Allow Remote Code Execution (MS13-043)

  6. #2013-049 » tuesday, may 14, 2013
    Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (MS13-042)

  7. #2013-048 » tuesday, may 14, 2013
    Cumulative Security Update for Internet Explorer (MS13-037)

  8. #2013-047 » tuesday, may 14, 2013
    Multiple Vulnerabilities in Adobe Reader and Acrobat Could Allow For Remote Code Execution (APSB13-15)

  9. #2013-046 » tuesday, may 14, 2013
    Multiple Vulnerabilities in Adobe Flash Player Could Allow Remote Code Execution

  10. #2013-045 » tuesday, may 14, 2013
    Vulnerability in Adobe ColdFusion Allows for Remote Code Execution (APSB13-13)

  11. #2013-042 Updated » tuesday, may 14, 2013
    Vulnerability in Internet Explorer Could Allow Remote Code Execution

  12. #2013-044 » friday, may 10, 2013
    Vulnerability in Adobe ColdFusion Allows Unauthorized File Access (APSA13-03)

  13. #2013-042 Updated » thursday, may 09, 2013
    Vulnerability in Internet Explorer Could Allow Remote Code Execution

  14. #2013-043 » tuesday, may 07, 2013
    Multiple Vulnerabilities In Adobe ColdFusion Could Allow Security Bypass

  15. #2013-042 » monday, may 06, 2013
    Vulnerability In Internet Explorer Could Allow Remote Code Execution

April 2013

  1. #2013-041 » tuesday, april 23, 2013
    Vulnerability In Oracle Java Runtime Environment Could Allow Remote Code Execution

  2. #2013-040 » tuesday, april 09, 2013
    Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (MS13-035)

  3. #2013-039 » tuesday, april 09, 2013
    Vulnerability in MS Remote Desktop Client Could Allow Remote Code Execution (MS13-029)

  4. #2013-038 » tuesday, april 09, 2013
    Cumulative Security Update for Internet Explorer (MS13-028)

  5. #2013-037 » tuesday, april 09, 2013
    Security Update available for Adobe Shockwave Player

  6. #2013-036 » tuesday, april 09, 2013
    Multiple Adobe Flash Player Vulnerabilities could allow Remote Code Execution

  7. #2013-035 » wednesday, april 03, 2013
    Multiple Vulnerabilities in Mozilla Products Could Allow Remote Code Execution

March 2013

  1. #2013-034 » wednesday, march 27, 2013
    Multiple Security Vulnerabilities in Google Chrome Could Allow Remote Code Execution

  2. #2013-033 » friday, march 15, 2013
    Vulnerabilities in Oracle Java SE Could Allow Remote Code Execution

  3. #2013-032 » friday, march 15, 2013
    Multiple Vulnerabilities in Apple Mac OS X could allow Remote Code Execution

  4. #2013-031 » wednesday, march 13, 2013
    Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege (2807986)

  5. #2013-030 » wednesday, march 13, 2013
    Vulnerabilities in SharePoint Could Allow Elevation of Privilege (MS13-024)

  6. #2013-029 » tuesday, march 12, 2013
    Adobe Flash Player Remote Code Execution Vulnerability (APSB13-09)

  7. #2013-028 » tuesday, march 12, 2013
    Cumulative Security Update for Internet Explorer (MS13-021)

  8. #2013-027 » tuesday, march 12, 2013
    Vulnerability in Microsoft Silverlight Could Allow Remote Code Execution (MS13-022)

  9. #2013-026 » tuesday, march 12, 2013
    Vulnerabilities in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (MS13-023)

  10. #2013-025 » friday, march 08, 2013
    Vulnerability in Mozilla Products Could Allow Remote Code Execution

  11. #2013-024 » tuesday, march 05, 2013
    Multiple Vulnerabilities in Google Chrome Could Allow for Remote Code Execution

  12. #2013-023 - Update » tuesday, march 05, 2013
    Vulnerability in Oracle Java Runtime Environment Could Allow Remote Code Execution

  13. #2013-023 » friday, march 01, 2013
    Vulnerability in Oracle Java Runtime Environment Could Allow Remote Code Execution

February 2013

  1. #2013-022 » wednesday, february 27, 2013
    Multiple Vulnerabilities in Adobe Flash Player Could Allow Remote Code Execution (APSB13-08)

  2. #2013-021 » friday, february 22, 2013
    Multiple Google Chrome Vulnerabilities Could Allow for Remote Code Execution

  3. #2013-018 - Updated » thursday, february 21, 2013
    Multiple Vulnerabilities in Adobe Reader and Acrobat Could Allow For Remote Code Execution (APSA13-02)

  4. #2013-020 » wednesday, february 20, 2013
    Oracle Java Runtime Environment (JRE) is prone to Multiple Security Vulnerabilities

  5. #2013-019 » wednesday, february 20, 2013
    Multiple Vulnerabilities in Mozilla Products Could Allow Remote Code Execution

  6. #2013-018 » thursday, february 14, 2013
    Multiple Vulnerabilities in Adobe Reader and Acrobat Could Allow For Remote Code Execution (APSA13-02)

  7. #2013-017 » tuesday, february 12, 2013
    Vulnerabilities in Adobe Shockwave Player Could Allow Remote Code Execution

  8. #2013-016 » tuesday, february 12, 2013
    Multiple Vulnerabilities in Adobe Flash Player and Adobe AIR Could Allow Remote Code Execution (APSB13-05)

  9. #2013-015 » tuesday, february 12, 2013
    Vulnerability in Vector Markup Language (VML) Could Allow Remote Code Execution (MS13-010)

  10. #2013-013 » tuesday, february 12, 2013
    Vulnerability in .NET Framework Could Allow Elevation of Privilege (MS13-015)

  11. #2013-012 » tuesday, february 12, 2013
    Cumulative Security Update for Internet Explorer (MS13-009)

  12. #2013-011 » tuesday, february 12, 2013
    Vulnerability in Media Decompression Could Allow Remote Code Execution (MS13-011)

  13. #2013-010 » tuesday, february 12, 2013
    Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (MS13-012)

  14. #2013-009 - Updated » tuesday, february 12, 2013
    Multiple Vulnerabilities in Adobe Flash Player Could Allow For Remote Code Execution (APSB13-04)

  15. #2012-014 » tuesday, february 12, 2013
    Vulnerability in OLE Automation Could Allow Remote Code Execution (MS13-0020)

  16. #2013-009 » friday, february 08, 2013
    Multiple Vulnerabilities in Adobe Flash Player Could Allow For Remote Code Execution (APSB13-04)

  17. #2013-008 » monday, february 04, 2013
    Multiple Vulnerabilities In Oracle Java Could Allow Remote Code Execution

  18. #2013-007 » friday, february 01, 2013
    Multiple Vulnerabilities in Novell GroupWise Could Allow Remote Code Execution

January 2013

  1. #2013-006 - Updated » monday, january 14, 2013
    Vulnerability in Oracle Java Could Allow Remote Code Execution

  2. #2012-097 - Updated » monday, january 14, 2013
    Vulnerability in Internet Explorer Could Allow Remote Code Execution

  3. #2013-006 » friday, january 11, 2013
    Vulnerability In Oracle Java Could Allow Remote Code Execution

  4. #2013-005 » wednesday, january 09, 2013
    Multiple Vulnerabilities in Mozilla Products Could Allow Remote Code Execution

  5. #2013-004 » tuesday, january 08, 2013
    Multiple Vulnerabilities in Adobe Reader and Acrobat Could Allow For Remote Code Execution (APSB13-02)

  6. #2013-003 » tuesday, january 08, 2013
    Vulnerability in Adobe Flash Player Could Allow For Remote Code Execution (APSB13-01)

  7. #2013-002 » tuesday, january 08, 2013
    Multiple Vulnerabilities in .NET Framework (MS13-004)

  8. #2013-001 » tuesday, january 08, 2013
    Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (MS13-002)

  9. #2012-097 - Updated » wednesday, january 02, 2013
    Vulnerability in Internet Explorer Could Allow Remote Code Execution

Advisories Archives

Cyber Threat Intelligence Coordinating Group (CTICG) Joint Advisories

The following cyber advisories were issued by the New York State Cyber Threat Intelligence Coordinating Group, which includes the following entities: Enterprise Information Security Office (EISO), NYS Office of Counter Terrorism, NYS Police, NYS Intelligence Center, Multi-State Information Sharing and Analysis Center, Federal Bureau of Investigation, US Secret Service, US Department of Justice, US Department of Homeland Security (National Cyber Security Division and Intelligence & Analysis Division) and Local Police Departments.

Advisories

  1. monday, october 24, 2011
    Metadata: A Backdoor Into Organizations
    The totality of metadata provided by documents, photographs and files can lead to significant vulnerabilities for any company. This Cyber Security Advisory is provided to remind the private sector and Federal, state, and local government agencies of the vulnerabilities associated with and the need to effectively control the release of metadata. It is specifically intended to be shared with personnel responsible for policy and information security and dissemination.

  2. friday, january 21, 2011
    Cyber Crime Executive Briefing
    This primer provides a common language between organization leaders and technical employees protecting networks from cyber threats. The sections of this document contain a brief introduction to cyber threats, appropriate for corporate, Federal, state and local agency leaders; it is not a comprehensive discussion of cyber crime. An enhanced understanding of the cyber crime field can assist leaders to deter, prevent, and respond to cyber threats.

  3. friday, january 21, 2011
    A CEO's Guide to Cyber Crime
    This two-page guide contains the highlights of the Cyber Crime Executive Briefing. While we strongly suggest reading the slightly longer full document, this briefing will provide an overview of the cyber crime threat.

  4. wednesday, october 27, 2010
    Web 2.0 Security for Businesses and Employees
    This Cyber Security Advisory is provided to assist the private sector and Federal, state, and local government agencies in effectively deterring, preventing, preempting, and responding to dynamic user-based web content vulnerabilities.

  5. wednesday, july 28, 2010
    Windows Zero Day Exploit Targeting Siemens SIMATIC WINCC and PCS7 Platforms
    This technical advisory is being provided as an information resource in response to the malware that was discovered on 14 July 2010, which exploits an un-patched Microsoft vulnerability and is targeting the Siemens SIMATIC WinCC and SIMATIC PCS 7 platforms used by SCADA process control systems (PCS).

  6. friday, march 12, 2010
    Information and Recommendations Regarding Unauthorized Wire Transfers Relating to Compromised Cyber Networks
    Cyber security best practices that help reduce the risks associated with online banking.

Other Cyber Advisories

These links are provided because they have information that may be useful. The Enterprise Information Security Office (EISO) and the State of New York do not warrant the accuracy of any information contained in the links and neither endorses nor intends to promote the advertising of the resources listed herein. The opinions and statements contained in such resources are those of the author(s) and do not necessarily represent the opinions of EISO or the State of New York.

Deborah A. Snyder

Acting Chief Information Security Officer


 

Cyber Security

GIS