Detecting Vector Markup Language (VML) issues on Windows Systems
Yesterday, Tenable's research group released Nessus plugin #22449 which can detect Windows systems that are missing a set of patches covered in Microsoft bulletin MS06-055. This patch fixes security issues related to Outlook and Internet Explorer's use of the Vector Markup Language APIs. Systems with this vulnerability are exposed to exploitation from visiting hostile web pages or receiving email designed to exploit the flaws in VML. The plugin is a patch audit and requires domain credentials to analyze the remote system. This plugin is available to all Direct Feed subscribers and Security Center users.
Related Articles
CVE-2024-7593: Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability
August 14, 2024Ivanti released a patch for a critical severity authentication bypass vulnerability and a warning that exploit code is publicly available
Microsoft’s August 2024 Patch Tuesday Addresses 88 CVEs
August 13, 2024Microsoft addresses 88 CVEs with seven critical vulnerabilities and 10 zero-day vulnerabilities, six of which were exploited in the wild.
Compromising Microsoft's AI Healthcare Chatbot Service
August 13, 2024Tenable Research discovered multiple privilege-escalation issues in the Azure Health Bot Service via a server-side request forgery (SSRF), which allowed researchers access to cross-tenant resources.