We know that our customers are concerned about the “Shellshock” BASH vulnerability and whether it affects our EnCase software, our Tableau hardware products, or any of our corporate systems. This is a legitimate concern, and because we have the utmost concern for your organizational and data security, we want to give you all the information you need regarding it. Below we address one by one the key areas that you may be wondering about.
Showing posts with label Advisory. Show all posts
Showing posts with label Advisory. Show all posts
The “Shellshock” BASH Vulnerability and EnCase Products
- Categories: Advisory , BASH , Linux , Shellshock
On OpenSSL Security Advisory CVE-2014-0224
After the well-documented, highly publicized Heartbleed flaw in OpenSSL was made public, many of our customers reached out to Guidance Software to confirm whether our products were affected. At that time, we confirmed: Guidance Software products do not use OpenSSL at all.
On June 5th, 2014, another OpenSSL vulnerability was published: CVE-2014-0224. Once again, Guidance Software confirms our products do not use OpenSSL and are therefore unaffected by the latest published vulnerability in OpenSSL.
Questions? Comments? Add below or reach out to us on Twitter @EnCase.
- Categories: Advisory
Using EnCase Analytics to Visually Scan for Signs of the Microsoft Word 2010 Exploit
Yesterday, Microsoft issued Security
Advisory 2953095 to announce a vulnerability in Microsoft Word 2010 that could
allow remote-code execution, “…if a user opens a specially crafted RTF file
using an affected version of Microsoft Word, or previews or opens a specially
crafted RTF email message in Microsoft Outlook while using Microsoft Word as
the email viewer. An attacker who successfully exploited the vulnerability
could gain the same users rights as the current user.”
