Showing posts with label Advisory. Show all posts
Showing posts with label Advisory. Show all posts

The “Shellshock” BASH Vulnerability and EnCase Products

Ken Basore

We know that our customers are concerned about the “Shellshock” BASH vulnerability and whether it affects our EnCase software, our Tableau hardware products, or any of our corporate systems. This is a legitimate concern, and because we have the utmost concern for your organizational and data security, we want to give you all the information you need regarding it. Below we address one by one the key areas that you may be wondering about.

On OpenSSL Security Advisory CVE-2014-0224

After the well-documented, highly publicized Heartbleed flaw in OpenSSL was made public, many of our customers reached out to Guidance Software to confirm whether our products were affected.  At that time, we confirmed: Guidance Software products do not use OpenSSL at all.

On June 5th, 2014, another OpenSSL vulnerability was published: CVE-2014-0224. Once again, Guidance Software confirms our products do not use OpenSSL and are therefore unaffected by the latest published vulnerability in OpenSSL.

Questions? Comments? Add below or reach out to us on Twitter @EnCase

Using EnCase Analytics to Visually Scan for Signs of the Microsoft Word 2010 Exploit

Alfred Chung

Yesterday, Microsoft issued Security Advisory 2953095 to announce a vulnerability in Microsoft Word 2010 that could allow remote-code execution, “…if a user opens a specially crafted RTF file using an affected version of Microsoft Word, or previews or opens a specially crafted RTF email message in Microsoft Outlook while using Microsoft Word as the email viewer. An attacker who successfully exploited the vulnerability could gain the same users rights as the current user.”